If the hacker has root privilages I'm pretty sure you have worse problems. On Fri, Aug 27, 2010 at 7:14 PM, <djohn...@desknetinc.com> wrote: > André Warnier <a...@ice-sa.com> wrote on 08/27/2010 12:32:43 PM: > >> Ken Bowen wrote: >> > If you wanted to go down this path, besides the web page for entering >> > the password, you could add sending alerts to the cells of all your >> > sysadmins to improve the probability of the password being entered in > a >> > timely manner. Perhaps Tomcats in clusters could obtain the password >> > from their brethren. >> > >> And to complete the circle and make it all more user-friendly, I >> would also add the >> password to the SMS being sent. >> At least it would avoid having the sysadmins sticking it on a Post- >> It on their screens. > > So all the hacker with root privileges has to do is temporarily replace > the sysadmins list with a single a phone number, and then restart Tomcat, > and (s)he is in business...
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org