tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark W. Webb" <m...@dolphtech.com>
Subject Re: Tomcat security?
Date Thu, 03 Jul 2003 18:55:53 GMT
I can't believe that passwords for SSL are stored in the clear.  That 
places all responsibility of security to the OS, which may not be a good 
idea.  What happened to defense-in-depth ??

Nathan McMinn wrote:

>When was the last time Tomcat had a published exploit?
>
>On a related note, these kind of "contests" are fairly common, and usually
>don't produce any kind of real activity.
>
>--Nathan
>
>----- Original Message -----
>From: "Eugene Lee" <list-tomcat-user@fsck.net>
>To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>Sent: Thursday, July 03, 2003 10:51 AM
>Subject: Tomcat security?
>
>
>  
>
>>Anyone want to discuss hardening Tomcat servers?
>>
>>Hacking Contest Threatens Web Sites
>>
>>By George V. Hulme, InformationWeek
>>Updated Wednesday, July 2, 2003, 3:00 PM EDT
>>
>>A hacking contest slated for this weekend could produce a rash
>>of Web-site defacements worldwide, according to a warning issued
>>Wednesday by security companies and government Internet security
>>groups.  The hacker defacement contest is expected to kick off
>>on Sunday. The contest supposedly will award free hosting
>>services, Web mail, unlimited E-mail forwarding, and a domain
>>name of choice for the triumphant hackers, according to a Web
>>site promoting the contest.
>>
>>...
>>
>>More details at:
>>
>>http://www.internetweek.com/story/showArticle.jhtml?articleID=10818014
>>
>>
>>--
>>Eugene Lee
>>http://www.coxar.pwp.blueyonder.co.uk/
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>  
>




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message