If the hacker has root privilages I'm pretty sure you have worse problems.

On Fri, Aug 27, 2010 at 7:14 PM,  <djohn...@desknetinc.com> wrote:
> André Warnier <a...@ice-sa.com> wrote on 08/27/2010 12:32:43 PM:
>
>> Ken Bowen wrote:
>> > If you wanted to go down this path, besides the web page for entering
>> > the password, you could add sending alerts to the cells of all your
>> > sysadmins to improve the probability of the password being entered in
> a
>> > timely manner.   Perhaps Tomcats in clusters could obtain the password
>> > from their brethren.
>> >
>> And to complete the circle and make it all more user-friendly, I
>> would also add the
>> password to the SMS being sent.
>> At least it would avoid having the sysadmins sticking it on a Post-
>> It on their screens.
>
> So all the hacker with root privileges has to do is temporarily replace
> the sysadmins list with a single a phone number, and then restart Tomcat,
> and (s)he is in business...

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to