Hi,
Mikhail Voytenko wrote:
document. Although it would need more actions, I do not think that
somebody who got access to the memory and was able to read the password
would not be able to read more keys. Please correct me if I have
misunderstood something.
I don't know about Windows, but UNIX. One possible scenario:
1. There are some colleges in a branch and they are working on their
individual terminal.
2. All UNIX processes of OpenOffice.org are running in their server machine
and their visual images are projected to users' individual terminal.
3. User A types 'ps -ef' command to find a process ID of User B's
OpenOffice.org.
4. User C takes User B for a coffee break.
5. User A comes to B's desk and starts a terminal emulator.
6. User A types 'gcore -o output.filename processID' on Solaris or
using gcore subcommand of 'gdb' on Linux to get a core dump without
terminating the OpenOffice.org.
7. User A closes the window of the terminal emulator.
8. User B comes back to his desk and continues his work.
9. User A and C starts to look for the password with their debugger
referring to the source code of OpenOffice.org.
The point is that intruders have plenty time to look for the password
in their laboratory, once they have taken the contents of a process memory.
Does Windows Server have the similarity?
Best Regards,
Tora
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.org
For additional commands, e-mail: dev-h...@openoffice.org
