tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: Encrypt Tomcat 4.1 log and log with MD5
Date Wed, 20 Jun 2007 16:42:35 GMT
If you have an evil admin, there is nothing stopping the him from 
sniffing the network, or starting tomcat with a debugger which can look 
at the memory or {insert evil action here} ;)


Peter Crowther wrote:
>> From: Nelson, Tracy M. [] 
>> An easier approach might be to write your encrypting logger 
>> as a filter
>> and have it take its input from a named pipe.
> I thought about suggesting that, but there's a weak point - there's
> nothing to stop an admin killing the encrypting logger and siphoning the
> unencrypted logs out of the named pipe.  It has to be built into the
> originating process, I think, and a custom appender is probably the
> least awful way.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message