Training, Open Source computer languages

Search for:
Print friendly page
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
Tomcat - Shutdown port

On a new installation of Tomcat (default config files), you'll notice that your server.xml file is set up with a shutdown port of 8005, and shutdown="SHUTDOWN". What does this mean?

It means that anyone who contacts the server locally on port 8005 and send it the words SHUTDOWN can cause Tomcat to close out all its web applications and shut down cleanly. Yikes - is this a security hole of what? It could be. Fortunatly , you'll notice that I said it's a LOCAL connection to the port that causes a shutdown, so it no-one can ssh or telnet in, nor log in from the keyboard unless they're an admin, it might not be a problem ....

If your Tomcat server allows anyone except the administrator to log in with a shell, then I strongly suggest you change shutdown="SHUTDOWN" to shutdown="waSS-I41tis" so that at least it won't be a string that any hacker can guess. You might like to change the port number too. Alas, it would be unwise to disable the facility completely, since catalina.sh and shutdown.sh use the port (details read from the config file) as part of their processing. At least server.xml is neither group nor world readable.

waSS-I41tis => "what a STUPID SYSTEM - I for one think it's silly"
(written 2006-08-18 19:12:05)

 
Associated topics are indexed under
A652 - Web Application Deployment - Tomcat -Sourcing, Installing and Initial Testing
A654 - Web Application Deployment - Configuring and Controlling Tomcat

Back to
Build on what you already have with OO
 Previous and next
or
Horse's mouth home		 Forward to
Talking about other training companies.
Some other Articles
Forum help - a push in the right direction
Computers, Brides and Cream Teas
Reporting on the 10 largest files or 10 top scores
Talking about other training companies.
Tomcat - Shutdown port
Build on what you already have with OO
Python - when to use the in operator
Python makes University Challenge
Old Wardour Castle
Displaying data at 5 items per line on a web page
2259 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).
Public Training Courses
Running regularly at our UK training Centre.
[Schedule] - [About] - [Book]
Related short articles
Configuring httpd, or Tomcat, to run CGI scripts in Perl
Multiple web applications under Tomcat - what are the options?
An FAQ on the Apache httpd and Apache Tomcat web servers, and on using them together
Choosing the right version of Java and Tomcat
What do people think of our Apache httpd / Tomcat course?
Changing the 404 - file not found - page in Tomcat
Using ApacheBench and jconsole to test and monitor Tomcat
Why put Apache httpd in front of Apache Tomcat
Copyright, Portability and other nontechnical web site issues
Tomcat 6 - Annotated Sample Configuration Files
Database connection Pooling, SSL, and command line deployment - httpd and Tomcat
Sharing the load between servers - httpd and Tomcat
Invoker and cgi servlets on Tomcat 6
httpd, Tomcat and PHP course enhancements
Sticky Sessions with mod_jk (httpd to Tomcat)
Java Tag Libraries / how they work / Tomcat Deployment
Through Snow and Flood to Linux and Tomcat
Apache httpd and Apache Tomcat miscellany
Advise before my Apache / Tomcat course
tomcat-users.xml; what a difference a space made
Forwarding session and cookie requests from httpd to Tomcat
Port and Glasses
Server - Service - Engine - Host, Tomcat
Virtual Hosting under Tomcat - an example
More HowTo diagrams - MySQL, Tomcat and Java
Diagrams to show you how - Tomcat, Java, PHP
WEB-INF (Tomcat) and .htaccess (httpd)
Increasing Java Virtual Machine memory for Tomcat
All Change, Portsmouth Harbour
Default file (MiMe types) for Apache httpd and Apache Tomcat
Automatic startup and shutdown of Tomcat
Extra public classes in deploying Apache httpd and Tomcat
Load Balancing with Apache mod_jk (httpd/Tomcat)
Apache Tomcat Performance Tuning
Apache, Tomcat, Jakarta, httpd, web server - what are they?
Sharing the load with Apache httpd and perhaps Tomcat
Java 6, Apache Tomcat 6.
Apache httpd and Apache Tomcat together tips
Browser -> httpd -> Tomcat -> MySQL. Restarting.
Tomcat - Shutdown port
Apache httpd to Tomcat - jk v proxy
Why is Tomcat called Tomcat?
Changing Tomcat's web.xml and reloading a web application
Linking Apache httpd to Apache Tomcat
Portrait of the author
Business is the predominant user of Tomcat, Perl and Tcl
© WELL HOUSE CONSULTANTS LTD., 2009: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 707126 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho