DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43588>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43588 ------- Additional Comments From [EMAIL PROTECTED] 2007-11-01 08:48 ------- (In reply to comment #8) > InetAddress.getLocalHost().getHostAddress() does not necessarily return > localhost - it (can and usually) returns the IP address that other folks can > see. > > This means that the shutdown listener by default would listen on a publicly > addressable location - which means now ANYONE by default can shutdown tomcat > instead of someone who has access to the machine. > For all the connectors: The correct way is doing InetAddress.getLocalHost().getHostAddress() we are not trying to get the IP of "localhost" here, we are trying to just get one of the interfaces that Tomcat listens to so that we can release the accept thread. What I would suggest, use InetAddress.getLocalHost().getHostAddress() wherever we need to access a port that is listening on 0.0.0.0, and file a separate bugzilla item for the other locations Filip -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
