-- Jeanfrancois
Pier Fumagalli wrote:
On 10/12/02 0:30 "Jeanfrancois Arcand" <[EMAIL PROTECTED]> wrote:
Now, don't tell me that ALL that collection of cruft doesn't have a bug... It's just that we are lucky and no one found them yet (given enough eyes... Linus says)...

I never said that and I will never say that. But at least I have tried during the Security Audit to fix some of the obvious ones. Still Tomcat is probably not secure enough (and will never be). My point is if you are aware of such obvious ones, then let me know and I will fix them.
You said (quote) "Jasper/AdminTool/etc. are secure"... That's a pretty bold statement.

From my experience, security audits and stuff are all right, until someone doesn't call up at 3 AM saying "the server is down because of a DOS"... Nah, I don't like being woken up in the middle of the night...
But I don't think Tomcat is more secure without JSP.... I know, I know, what I think you don't care :-)

The bible (for us Sun customers, _your_ customers):

<http://wwws.sun.com/software/security/blueprints/#minimum>

"Solaris Operating Environment Minimization for Security: A Simple,
Reproducible and Secure Application Installation Methodology
- Updated for the Solaris 8 Operating Environment"
- November 2000
- by Alex Noordergraaf

Discusses the process of minimizing an installation of the Solaris Operating
Environment. Minimization is the process of removing all unnecessary
components and services from the Solaris software to reduce system
vulnerabilities. Also introduces a simple technique for replicating these
types of installations across a large number of systems.

_YOUR_ security folks taught me that... Go and talk to them, they're down in SCA-7 if I'm not wrong... Paranoia is an irreversible process for us on the line-of-fire.
To sum up: rule of the thumb #3, less code, less bugs (you folks from Sun preach that all over your Solaris Blueprints stuff, I learnt it when your employer was paying my salary).

Wow, didn't know that... I've missed the chance to work with you :-)

Don't worry, you would have _hated_ working with me (and proudly keeping up my record of being the most hated freak on the planet).
I should study my Tomcat history and learn who is doing what, what biases he/she has, and then vote appropriately.

Oh, no, I got paranoid after I left Sun and started working on the other side of the barricade... Trying to use in production what I was coding earlier... :-)
So, please, don't come up on a mailing list saying "that is secure", just say that "no one has found a bug yet", because that (and only that) is the truth...

I agree my wording was not appropriate. Should say that in French next time :-)

Pas de problemes (where are the accents on this keyboard?)
Pier