Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 2/19/2010 5:45 AM, André Warnier wrote:
- Since address 127.0.0.1 is the "local loopback" address on any host, a
process can only connect to it from the local host, and from nowhere else.
Yes, but things like
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 2/19/2010 5:45 AM, André Warnier wrote:
> - Since address 127.0.0.1 is the "local loopback" address on any host, a
> process can only connect to it from the local host, and from nowhere else.
Yes, but things like SSH tunnels can be used to
Caldarale, Charles R wrote:
From: Curtis Garman [mailto:curt.gar...@gmail.com]
Subject: Re: tomcat 6.0.18 shutdown address
yes...this is what I was told...thanks all for the info
Unfortunately, pretty much all of what André wrote was wrong, as Mark explained.
I apologise for the nonsense I
On 18/02/2010 23:08, Curtis Garman wrote:
yes...this is what I was told... thanks all for the info
To be clear: Mark's answer is the correct one.
p
On Thu, Feb 18, 2010 at 9:52 AM, André Warnier wrote:
Curtis Garman wrote:
Is this something new for tomcat 6?...I was told there was a s
> From: Curtis Garman [mailto:curt.gar...@gmail.com]
> Subject: Re: tomcat 6.0.18 shutdown address
>
> yes...this is what I was told...thanks all for the info
Unfortunately, pretty much all of what André wrote was wrong, as Mark explained.
So again, what you were told was fals
yes...this is what I was told...thanks all for the info
On Thu, Feb 18, 2010 at 9:52 AM, André Warnier wrote:
> Curtis Garman wrote:
>
>> Is this something new for tomcat 6?...I was told there was a security
>> vulnerability there with tomcat 5
>>
>
> Yes. At some point in time inversion 5.0 or
On 18/02/2010 15:42, Curtis Garman wrote:
Is this something new for tomcat 6?...I was told there was a security
vulnerability there with tomcat 5
I don't see an address property in either of the below:
http://tomcat.apache.org/tomcat-5.5-doc/config/server.html
http://svn.apache.org/repos/as
Mark Thomas wrote:
On 18/02/2010 15:42, Curtis Garman wrote:
Is this something new for tomcat 6?...I was told there was a security
vulnerability there with tomcat 5
By whom? It has been this way since Tomcat 4. The issue, if I recall
correctly, was with some of the Tomcat 3 releases.
Ooops..
Curtis Garman wrote:
Is this something new for tomcat 6?...I was told there was a security
vulnerability there with tomcat 5
Yes. At some point in time inversion 5.0 or 5.5 or 6.0, someone
realised that if this "shutdown port" allowed connections from anywhere,
there was a theoretical possib
On 18/02/2010 15:42, Curtis Garman wrote:
> Is this something new for tomcat 6?...I was told there was a security
> vulnerability there with tomcat 5
By whom? It has been this way since Tomcat 4. The issue, if I recall
correctly, was with some of the Tomcat 3 releases.
Mark
>
> On Thu, Feb 18,
> From: Curtis Garman [mailto:curt.gar...@gmail.com]
> Subject: Re: tomcat 6.0.18 shutdown address
>
> Is this something new for tomcat 6?...I was told there was a security
> vulnerability there with tomcat 5
You were misinformed. The shutdown port has always been open onl
Is this something new for tomcat 6?...I was told there was a security
vulnerability there with tomcat 5
On Thu, Feb 18, 2010 at 9:27 AM, Pid wrote:
> On 18/02/2010 15:14, Curtis Garman wrote:
>
>> I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one
>> problem.
>> I use to be able
On 18/02/2010 15:14, Curtis Garman wrote:
I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem.
I use to be able to define the following in my server.xml
...
but now the address portion won't work...I only want shutdown commands to be
able to come from localhost...can s
13 matches
Mail list logo
