Home Accessibility Courses Twitter The Mouth Facebook Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Tomcat - Shutdown port

On a new installation of Tomcat (default config files), you'll notice that your server.xml file is set up with a shutdown port of 8005, and shutdown="SHUTDOWN". What does this mean?

It means that anyone who contacts the server locally on port 8005 and send it the words SHUTDOWN can cause Tomcat to close out all its web applications and shut down cleanly. Yikes - is this a security hole of what? It could be. Fortunatly , you'll notice that I said it's a LOCAL connection to the port that causes a shutdown, so it no-one can ssh or telnet in, nor log in from the keyboard unless they're an admin, it might not be a problem ....

If your Tomcat server allows anyone except the administrator to log in with a shell, then I strongly suggest you change shutdown="SHUTDOWN" to shutdown="waSS-I41tis" so that at least it won't be a string that any hacker can guess. You might like to change the port number too. Alas, it would be unwise to disable the facility completely, since catalina.sh and shutdown.sh use the port (details read from the config file) as part of their processing. At least server.xml is neither group nor world readable.

waSS-I41tis => "what a STUPID SYSTEM - I for one think it's silly"
(written 2006-08-18)

 
Associated topics are indexed as below, or enter http://melksh.am/nnnn for individual articles
A654 - Web Application Deployment - Configuring and Controlling Tomcat
  [907] Browser -> httpd -> Tomcat -> MySQL. Restarting. - (2006-10-28)
  [914] A practical example of roles - (2006-11-04)
  [1351] Compressing web pages sent out from server. Is it worth it? - (2007-09-14)
  [1370] Apache Tomcat Performance Tuning - (2007-09-29)
  [1503] Web page (http) error status 405 - (2008-01-12)
  [1553] Automatic startup and shutdown of Tomcat - (2008-02-24)
  [1762] WEB-INF (Tomcat) and .htaccess (httpd) - (2008-08-20)
  [1943] Port and Glasses - (2008-12-14)
  [1994] tomcat-users.xml; what a difference a space made - (2009-01-16)
  [2039] The Invoker - (2009-02-13)
  [2061] Tomcat 6 - Annotated Sample Configuration Files - (2009-03-01)
  [2163] CATALINA_OPTS v JAVA_OPTS - What is the difference? - (2009-05-09)
  [2652] Reading and writing cookies in Java Servlets and JSPs - (2010-02-26)
  [3043] Gathering information - logging - with log4j. First steps. - (2010-11-12)

A652 - Web Application Deployment - Tomcat -Sourcing, Installing and Initial Testing
  [1049] Java 6, Apache Tomcat 6. - (2007-01-21)
  [1550] Java (JSP and Servlet examples) live on our server - (2008-02-23)
  [2088] Changing the 404 - file not found - page in Tomcat - (2009-03-18)
  [3819] Packing a tar, jar or war file - best practise - (2012-07-26)


Back to
Build on what you already have with OO
Previous and next
or
Horse's mouth home
Forward to
Talking about other training companies.
Some other Articles
Forum help - a push in the right direction
Computers, Brides and Cream Teas
Reporting on the 10 largest files or 10 top scores
Talking about other training companies.
Tomcat - Shutdown port
Build on what you already have with OO
Python - when to use the in operator
Python makes University Challenge
Old Wardour Castle
Displaying data at 5 items per line on a web page
4759 posts, page by page
Link to page ... 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96 at 50 posts per page


This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

Link to Ezine home page (for reading).
Link to Blogging home page (to add comments).

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho

PAGE: http://www.wellho.info/mouth/837_Tomc ... -port.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb