If you have an evil admin, there is nothing stopping the him from
sniffing the network, or starting tomcat with a debugger which can look
at the memory or {insert evil action here} ;)
-Tim
Peter Crowther wrote:
From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
An easier approach might be to write your encrypting logger
as a filter
and have it take its input from a named pipe.
I thought about suggesting that, but there's a weak point - there's
nothing to stop an admin killing the encrypting logger and siphoning the
unencrypted logs out of the named pipe. It has to be built into the
originating process, I think, and a custom appender is probably the
least awful way.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
