All,

On 6/24/16 9:36 AM, Jason Ricles wrote:
> Yes, which has security modules and settings which may fail to be 
> loaded or might be unloaded from tomcat if the computer fails to
> start up or shut down correctly. In that case, how does tomcat
> handle that failure?

Don't blame Jason: he's in regulatory hell. It happens to us all at
one point or another. He's got to check a checkbox somewhere that says
"we swear nothing bad will ever happen," even though the reality of
the situation is that bad things can happen all the time. If we could
prevent them (fail-secure), then nobody would ever have intrusions.

Anyhow, Jason, it's hard to say whether Tomcat itself would
"fail-secure" unless you are interested in some specific component.
For example, if Tomcat can't initialize the TLS system, then the TLS
endpoint will never come up, thus making it fail-secure. (A more
specific example is if you are using tcnative with OpenSSL and trying
to use FIPS-mode... if you "require" FIPS mode, then Tomcat will fail
if FIPS-mode fails, so you will get a Tomcat that won't listen to
outside traffic. I'd call that fail-secure).

On the other hand, there are things that can happen with the JVM where
the process becomes completely unpredictable. Once an OOME happens,
for instance, there are lots of weird things that can happen (or not
happen). Generally, once the JVM is upset about something like that,
errors happen all over the place and "no" meaningful work gets done
(requests aren't serviced because they fail at some stage, etc.). But
it's conceivable that some security control could fail to process
correctly and yet the request would proceed to be serviced. I can't
think of a situation where Tomcat would actually allow that to happen,
but in a massive-JVM-failure scenario, there is simply no way to say
definitively that nothing bad will ever happen.

Any product or vendor that claims otherwise is simply lying to you.

-chris
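Chris's point that a control can fail and the request still be serviced is, at the application level, something a developer can guard against. As an added example (not from this thread and not Tomcat's own code), here is a servlet Filter written fail-closed: if its initialisation fails the web application refuses to start, and if the policy is missing or throws at request time the request is denied rather than passed along. AccessPolicy and the policyFile init parameter are hypothetical, and the javax.servlet API is assumed as shipped with Tomcat 8.

```java
// Added example (not from the thread or Tomcat). Assumes javax.servlet as in Tomcat 8;
// AccessPolicy and the "policyFile" init parameter are hypothetical placeholders.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
/** Hypothetical policy abstraction; a real one would parse the deployment's rules. */
interface AccessPolicy {
    boolean permits(ServletRequest req);
    static AccessPolicy load(String path) {
        if (path == null) throw new IllegalStateException("no policyFile configured");
        return req -> req.isSecure(); // constructed stand-in: only TLS requests pass
    }
}
public class FailClosedAuthzFilter implements Filter {
    // volatile: a failed or partial initialisation must be visible to every request thread
    private volatile AccessPolicy policy;
    @Override
    public void init(FilterConfig config) throws ServletException {
        try {
            policy = AccessPolicy.load(config.getInitParameter("policyFile"));
        } catch (RuntimeException e) {
            policy = null;
            // Rethrowing makes Tomcat refuse to start the web application,
            // rather than deploying it with the control silently missing.
            throw new ServletException("security policy failed to load", e);
        }
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        AccessPolicy p = policy;
        boolean allowed;
        try {
            allowed = p != null && p.permits(req); // no policy, or an exception, means deny
        } catch (RuntimeException e) {
            allowed = false;
        }
        if (!allowed) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        chain.doFilter(req, res); // reached only after the control positively approved
    }
    @Override public void destroy() { policy = null; }
}
```

Note that this only covers exceptions the filter can see; an Error such as an OutOfMemoryError in the JVM is exactly the case Chris describes, where no application code can promise a secure outcome.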

> On Thu, Jun 23, 2016 at 6:19 PM, André Warnier (tomcat)
> <a...@ice-sa.com> wrote:
>> On 23.06.2016 21:43, Jason Ricles wrote:
>>> 
>>> Fail-secure is a condition achieved by the application server
>>> in order to ensure that in the event of an operational failure,
>>> the system does not enter into an unsecure state where intended
>>> security properties no longer hold
>> 
>> 
>> Just to make sure : you do know that tomcat is a computer
>> program, right ?
>> 
>> 
>>> 
>>> On Thu, Jun 23, 2016 at 3:33 PM, Mark Thomas <ma...@apache.org>
>>> wrote:
>>>> 
>>>> On 23/06/2016 20:21, Jason Ricles wrote:
>>>>> 
>>>>> Does tomcat have a secure state if system initialization
>>>>> fails, shutdown fails, or aborts fail?
>>>> 
>>>> 
>>>> Define "secure state", "system initialization", "fails",
>>>> "shutdown" and "aborts" and we might be able to help you.
>>>> 
>>>> Mark
>>>> 
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org