tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject RE: JAVA_OPTS catalina.bat vs tomcat7w.exe
Date Mon, 25 Feb 2013 23:55:14 GMT
On Feb 25, 2013 5:41 PM, "Caldarale, Charles R" <Chuck.Caldarale@unisys.com>
wrote:
>
> > From: Howard W. Smith, Jr. [mailto:smithh032772@gmail.com]
> > Subject: Re: JAVA_OPTS catalina.bat vs tomcat7w.exe
>
> > can you please clarify 'the server is open to abuse from pretty much
anyone
> > who can reach it'?
>
> The key phrase is "anyone who can reach it".  If everyone within your
firewall is fully trusted, then don't worry about it.  If not everyone is
fully trusted, then your current settings allow those persons to make
arbitrary changes to the configuration of Tomcat and your webapps with
rather limited tracking of who did what.  The MBeans exposed by the JMX
interface are not just viewable, they are modifiable by anyone with access.
>
>  - Chuck

Understood, thanks.

>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail and
its attachments from all computers.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message