> From: Tim Funk [mailto:[EMAIL PROTECTED]
> If you have an evil admin, there is nothing stopping the him from
> sniffing the network, or starting tomcat with a debugger
> which can look
> at the memory or {insert evil action here} ;)
Sure. Or do the old trick we used to do with Suns - L1-A out of the
kernel, then poke through the data structures in memory with the
built-in ROM debugger (thanks Sun). Any (non-quantum?) system can be
compromised with enough effort. The aim is merely to make the hack
sufficiently difficult that most corrupt admins would reckon there are
easier (and/or more profitable) hacks elsewhere. Or, put another way,
"when outrunning a dragon, you don't have to run faster than the dragon.
You just have to run faster than the dwarf."
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
