4

The page of migration to "tomcat 8" says (http://tomcat.apache.org/migration-8.html): "When starting Tomcat with the jpda option to enable remote debugging, Tomcat 8 listens on localhost:8000 by default. Earlier versions listened on *:8000"

1.what is the actual different between those configuration?

Thanks, Eyal

Eyal leshem
  • 995
  • 2
  • 10
  • 21

1 Answers1

7

I have filed that issue to change that to Tomcat 8. For a very good reason: If you provide *:8080, everyone who is on your network is able to hook into your VM and debug and maybe disclose sensitive data, moreover periodical Nessus scan in my company and others report that as a vulnerability. All you need to do is set the environment variable JPDA_ADDRESS to IP:PORT, ideally in your setenv.sh.

Michael-O
  • 18,123
  • 6
  • 55
  • 121
  • hi , thanks for your answer , but for some reason when i set JPDA_ADDRESS to be IP:PORT (for exmple 192.168.10.168:8000) for some reason the server isn't start - and i can't see anything in the Catalina log (and when JPDA_ADDRESS contained only port everything is ok..) . – Eyal leshem Jun 10 '14 at 09:51
  • Post the output of the `catalina.out`. Additionally, you must call `catalina jpda start`. – Michael-O Jun 10 '14 at 10:11
  • sorry , it was a grammar mistake (Unnecessary white space in the vatch file) , thanks a lot :) – Eyal leshem Jun 10 '14 at 10:32