> >> One idea:
> >> I know nothing about the AJP12 protocol but isn't it possible
> >> to generate some random seed (or whatever) while starting
> >> up tomcat, saving it to disk and then when the shutdown request
> >
> > Done. ( part of 3.3 ). I can back-port it into Tomcat3.2, but it's more
> > than a bug fix ( it changes the shutdown procedure ) and I'm not sure if
> > it's apropriate ( again, the rule used to be that only bug fixes are going
> > into the stable release ).
> > ( if we decide to do so, probably it'll be a good idea to integrate the
> > other changes in shutdown )
> >
> >
> >> arrives, it can be matched against both the ip address and
> >> the random seed (acting as a password)?
> >> The running instance has it in memory and the shutdown
> >> script gets the saved copy. With correct permissions this
> >> should prevent others from shutting down Tomcat.
> >
> > Costin
>
> Funny. We had that feature in Apache JServ back in 1998. Costin, I think it
> would be a forward port. LOL!
It's slightly better ( and it's new code, not based on JServ - I like
reusing code, but in this case I choosed to not )
First, the user doesn't have to configure the password ( secret ) ( a
random number is generated at startup if the user doesn't set a secret -
which is the common case).
Second, it is not sent for every request, only for shutdown ( the JServ
implementation did send the secret for every request - not needed since
normal requests are equivalent with their HTTP form ).
Costin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
