tomcat-users mailing list archives

From "Peter Crowther" <Peter.Crowt...@melandra.com>
Subject RE: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Date Wed, 20 Jun 2007 16:53:11 GMT
> From: Tim Funk [mailto:funkman@joedog.org] 
> If you have an evil admin, there is nothing stopping him from
> sniffing the network, or starting tomcat with a debugger which can look
> at the memory or {insert evil action here} ;)

Sure.  Or do the old trick we used to do with Suns - L1-A out of the
kernel, then poke through the data structures in memory with the
built-in ROM debugger (thanks Sun).  Any (non-quantum?) system can be
compromised with enough effort.  The aim is merely to make the hack
sufficiently difficult that most corrupt admins would reckon there are
easier (and/or more profitable) hacks elsewhere.  Or, put another way,
"when outrunning a dragon, you don't have to run faster than the dragon.
You just have to run faster than the dwarf."

		- Peter
