tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43588] - Tomcat uses hardcoded 127.0.0.1 for localhost
Date Thu, 01 Nov 2007 15:48:04 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=43588>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=43588





------- Additional Comments From fhanik@apache.org  2007-11-01 08:48 -------
(In reply to comment #8)
> InetAddress.getLocalHost().getHostAddress() does not necessarily return 
> localhost - it (can and usually) returns the IP address that other folks can 
> see.
> 
> This means that the shutdown listener by default would listen on a publicly 
> addressable location - which means now ANYONE by default can shutdown tomcat 
> instead of someone who has access to the machine. 
> 

For all the connectors:
The correct way is doing InetAddress.getLocalHost().getHostAddress()
we are not trying to get the IP of "localhost" here, we are trying to just get
one of the interfaces that Tomcat listens to so that we can release the accept
thread. 

What I would suggest, use InetAddress.getLocalHost().getHostAddress() wherever
we need to access a port that is listening on 0.0.0.0, and file a separate
bugzilla item for the other locations

Filip

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message