> From: Tim Funk [mailto:[EMAIL PROTECTED]
> If you have an evil admin, there is nothing stopping the him from
> sniffing the network, or starting tomcat with a debugger
> which can look
> at the memory or {insert evil action here} ;)
Sure. Or do the old trick we used to do with Suns - L1-A o
If you have an evil admin, there is nothing stopping the him from
sniffing the network, or starting tomcat with a debugger which can look
at the memory or {insert evil action here} ;)
-Tim
Peter Crowther wrote:
From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
An easier approach might be to wr
> From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
> An easier approach might be to write your encrypting logger
> as a filter
> and have it take its input from a named pipe.
I thought about suggesting that, but there's a weak point - there's
nothing to stop an admin killing the encrypting logge
| From: Yulius [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, 20 June, 2007 05:07
|
| I'm currently need to do the encryption towards the log files that
has
| been created by the webserver and the webapplication, so that only
those
| who has the password to decrypt the log files can read them.
So
gging engines... getting it back will require
some parsing.
Thats different good luck
- Original Message -
From: "Yulius" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 20, 2007 12:06 PM
Subject: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Hi,
I&#
a few times.
Think you need to explain more, maybe can find another way I
dont think this is an option.
- Original Message - From: "Yulius" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, June 20, 2007 12:06 PM
Subject: Encrypt Tomcat 4.1 log and log4j.properties log
t: Encrypt Tomcat 4.1 log and log4j.properties log with MD5
Hi,
I'm currently need to do the encryption towards the log files that has
been created by the webserver and the webapplication, so that only those
who has the password to decrypt the log files can read them.
Is there
Yulius wrote:
Hi,
I'm currently need to do the encryption towards the log files that has been created by the webserver and the webapplication, so that only those who has the password to decrypt the log files can read them.
Huh, why would you need to encrypt those files? Isn't OS access
md5 is a one way hash - so "encrypting" your log files with md5 will
yield unreadable files
Tomcat out of the box doesn't have anything like this. You would need to
do the following write your own log4j appenders (or whatever they are
called) which encrypt the data. Since log4j can (IIRC) can
Hi,
I'm currently need to do the encryption towards the log files that has been
created by the webserver and the webapplication, so that only those who has the
password to decrypt the log files can read them.
Is there a way to solve this issue?
Thanks in advance
Yulius
10 matches
Mail list logo
