tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Freeborg" <jfreeb...@softswitch.com>
Subject Hackers shutting down your Tomcat 4.x server?
Date Fri, 09 Nov 2001 18:49:23 GMT
As I was reading through the server.xml config documentation I noticed
that the shutdown attribute of the server element is described as:

      The command string that must be received via a
      TCP/IP connection to the specified port number
      in order to shut down Tomcat.

      <Server port="8005" shutdown="SHUTDOWN" debug="99">

Am I correct in assuming that this would be a great thing to change if
you have a server out in the wild? (and perhaps the port also)

Other than a firewall blocking traffic to this port, what would prevent
some random hacker from connecting to port 8005 and shutting down my
server?

Thanks,
 - John

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message