tomcat-users mailing list archives

From William Lee <w...@sendmail.com>
Subject Shutdown more securely
Date Fri, 12 Oct 2001 17:10:58 GMT
From what I've read, it seems like Tomcat has this notion of a shutdown 
TCP port which allows anyone from localhost to shut down the server, given 
that they know the shutdown command.  Is there any way to make this more 
secure?  I can probably vary the shutdown= attribute in the server.xml, 
but isn't that the same as having a plain password in a text file?  I 
thought of a couple of schemes that may make this more secure.  Can 
somebody tell me whether each is viable/stupid/overkill?

1. Of course, you need to prompt the user for a different shutdown 
string than "SHUTDOWN", and make server.xml readable only to the user.

2. Each time you start tomcat, generate a different server.xml with a 
random string as the shutdown= attribute.

3. Hack tomcat and insert my own platform dependent auth scheme to check 
whether the user has the privilege to shut down the server.


I'm just saying this since my manager is worried about this and our 
product running in an environment where even localhost can't be trusted. 
  Any suggestion is greatly appreciated.  Thanks,

-- 
William Lee (Will)        | Sendmail Inc.
Email:  wlee@sendmail.com | http://www.sendmail.com
Tel:    (510) 594-5505    |
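
Schemes 1 and 2 from the message above, sketched as an added example that is not part of the original post and not Tomcat's own code. It assumes the `shutdown` attribute sits on the `<Server>` element of server.xml; the sample config and the function names are constructed for illustration.

```python
import os
import re
import secrets
import tempfile

# Constructed sample config, not taken from a real deployment.
SAMPLE_SERVER_XML = '''<?xml version="1.0"?>
<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone"/>
</Server>
'''

# Matches the shutdown attribute on the first <Server ...> start tag only.
_SHUTDOWN_ATTR = re.compile(r'(<Server\b[^>]*?\bshutdown=)(["\'])(.*?)\2', re.S)

def randomize_shutdown(xml_text, token=None):
    """Return (new_xml, token) with the shutdown string replaced (scheme 2)."""
    # token_urlsafe emits only [A-Za-z0-9_-], so it is safe inside an XML attribute.
    token = token or secrets.token_urlsafe(32)
    new_xml, n = _SHUTDOWN_ATTR.subn(
        lambda m: f'{m.group(1)}"{token}"', xml_text, count=1)
    if n != 1:
        raise ValueError("no <Server ... shutdown=...> attribute found")
    return new_xml, token

def write_private(path, text):
    """Replace the file atomically, readable by its owner only (scheme 1)."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # created with mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o600)      # explicit, in case of an unusual umask/ACL
        os.replace(tmp, path)     # never leaves a half-written server.xml
    except BaseException:
        os.unlink(tmp)
        raise

def regenerate(path):
    """Call before each Tomcat start; returns the new shutdown string."""
    with open(path) as fh:
        new_xml, token = randomize_shutdown(fh.read())
    write_private(path, new_xml)
    return token
```

The random string still lives in a file on disk, so this only narrows who can read it to the account that owns server.xml (and root); it does not replace the authorization check of scheme 3.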

