On Tue, Sep 16, 2014 at 11:42:51AM +0000, Edward Ned Harvey (blu) wrote: > I would rather receive notification that a production service was > *restarted* rather than *is down* > > Richard wants to say that's stupid. I not only disagree, I think > Richard's position is insulting and ignorantly one-sided.
1. An attacker of your site is able to exploit a vulnerability to upload a custom malicous loadable module for your managed service, but can not otherwise gain access to a shell or the filesystem. 2. The same attacker is also able to exploit a separate bug to cause the server to crash. 3. If that service is compromised, it could potentially cost your company millions of dollars in lost revenues and/or law suits. Should the server automatically restart? Can you ever really rule out #1 and #2? -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
_______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
