Alice, a Server Administrator (Tomcat), wants to ensure that Tomcat can be shut down only by the user who owns the Tomcat process. Select the appropriate setting of the CATALINA_HOME/conf in server.xml that will enable her to do so.
To ensure that Tomcat can be shut down only by the user who owns the Tomcat process, the server.xml file should be configured to disable the shutdown port. This is done by setting the port attribute of the <Server> element to -1. The shutdown attribute should be set to a value (like “SHUTDOWN”) that would be known to the server administrator. This configuration prevents remote or unauthorized shutdowns of the Tomcat server via the shutdown port.
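An added example (not part of the original page or of EC-Council material): a small Python check that parses a server.xml and reports whether the shutdown port on the <Server> element is disabled. The sample XML strings and the function name audit_shutdown_port are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real deployment).
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""

HARDENED_XML = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina"/>
</Server>"""


def audit_shutdown_port(server_xml):
    """Return a list of findings for <Server>; an empty list means compliant."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        return ["server.xml is not well-formed XML: %s" % exc]
    if root.tag != "Server":
        return ["root element is <%s>, expected <Server>" % root.tag]

    # Tomcat listens on 8005 for the shutdown command when port is absent.
    raw_port = root.get("port", "8005").strip()
    try:
        port = int(raw_port)
    except ValueError:
        # e.g. a ${property} placeholder that is resolved at startup
        return ["port=%r is not a literal integer; review manually" % raw_port]

    if port != -1:
        return ['shutdown port is enabled on %d; set port="-1"' % port]
    return []


if __name__ == "__main__":
    for name, xml in (("default", DEFAULT_XML), ("hardened", HARDENED_XML)):
        findings = audit_shutdown_port(xml)
        print(name, "->", findings or "compliant")
```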
References: The information is consistent with best practices for securing Tomcat servers as per the guidelines found in various resources, including Stack Overflow discussions and Tenable® security configurations. For official EC-Council Application Security Engineer (CASE) JAVA documentation and learning resources, please refer to the EC-Council’s official materials and courses.