问题
I am trying to think of a reason why Tomcat would have a shutdown port but I can't think of any. As I understand it this port only works if messaged locally as it's attached to the loopback device, hence what's the point of having this? Couldn't this be done via internal command in a way that couldn't be spoofed by someone from outside your network?
Thank you!
回答1:
The shutdown port provides an OS neutral, scriptable way to shutdown a Tomcat instance. Once you remove the shutdown port you are almost certainly into the realms of OS specific code (or at least different code for Windows vs Unix plus derivatives). By default, Tomcat aims for common configuration and behaviour across all platforms.
The security profile of Tomcat installations vary wildly from single developer machines to thousands of instances in the cloud. It is impossible for the default configuration to be perfect for all likely installation environments. Tomcat aims for reasonably secure defaults that admins are expected to adjust to suit their environment.
In this case, the security risks come if untrusted users a) have access to the shutdown port and b) know the shutdown command. This should be a fairly rare scenario, hence why the shutdown port remains enabled for localhost by default. I certainly wouldn't want to run a service where I cared about its security on a machine where I had untrusted users. That said it does happen and, for those use cases, the shutdown port can be disabled.
Once the shutdown port is disabled, the Unix + derivatives solution is to set TOMCAT_PID at which point the scripts will continue to work as expected. On Windows, you are proably going to need to run as a service.
回答2:
I managed to find more parameters that can be passed to the server container here.
Aside from the default, you can also pass the address
attribute which would allow you to specify where Tomcat can be shut down from, which makes more sense that way.
However I still feel (given there doesn't seem to be a reason why not to) that it should be disabled by default.
来源:https://stackoverflow.com/questions/33576979/why-have-a-shutdown-port-in-tomcat