tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <>
Subject RE: Encrypt Tomcat 4.1 log and log with MD5
Date Wed, 20 Jun 2007 16:53:11 GMT
> From: Tim Funk [] 
> If you have an evil admin, there is nothing stopping the him from 
> sniffing the network, or starting tomcat with a debugger 
> which can look 
> at the memory or {insert evil action here} ;)

Sure.  Or do the old trick we used to do with Suns - L1-A out of the
kernel, then poke through the data structures in memory with the
built-in ROM debugger (thanks Sun).  Any (non-quantum?) system can be
compromised with enough effort.  The aim is merely to make the hack
sufficiently difficult that most corrupt admins would reckon there are
easier (and/or more profitable) hacks elsewhere.  Or, put another way,
"when outrunning a dragon, you don't have to run faster than the dragon.
You just have to run faster than the dwarf."

		- Peter

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message