tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <funk...@joedog.org>
Subject Re: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Date Wed, 20 Jun 2007 16:42:35 GMT
If you have an evil admin, there is nothing stopping the him from 
sniffing the network, or starting tomcat with a debugger which can look 
at the memory or {insert evil action here} ;)

-Tim

Peter Crowther wrote:
>> From: Nelson, Tracy M. [mailto:Tracy.Nelson@nelnet.net] 
>> An easier approach might be to write your encrypting logger 
>> as a filter
>> and have it take its input from a named pipe.
> 
> I thought about suggesting that, but there's a weak point - there's
> nothing to stop an admin killing the encrypting logger and siphoning the
> unencrypted logs out of the named pipe.  It has to be built into the
> originating process, I think, and a custom appender is probably the
> least awful way.
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message