md5 is a one way hash - so encrypting your log files with md5 will
yield unreadable files
Tomcat out of the box doesn't have anything like this. You would need to
do the following write your own log4j appenders (or whatever they are
called) which encrypt the data. Since log4j can (IIRC) can
Yulius wrote:
Hi,
I'm currently need to do the encryption towards the log files that has been created by the webserver and the webapplication, so that only those who has the password to decrypt the log files can read them.
Huh, why would you need to encrypt those files? Isn't OS access
Why? No, do it some other way, I think this will get horribly complex.
On windows I think near impossible, short of placing a symmetrical alg in
the source.
What about normal protection, in essence the server starts up as a user, and
only that user has access to the log folder, naturally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/06/2007, at 12:53 PM, Johnny Kewl wrote:
Why? No, do it some other way, I think this will get horribly complex.
On windows I think near impossible, short of placing a symmetrical
alg in the source.
What about normal protection, in essence
Ah, just clicked what you doing, sorry I'm slow today I think you using
logging as a reporting system in your apps. Interesting, question becomes
when does logging become private... personally I think the philosphy is
wrong, but ok, thats what you doing.
I would think about serving
| From: Yulius [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, 20 June, 2007 05:07
|
| I'm currently need to do the encryption towards the log files that
has
| been created by the webserver and the webapplication, so that only
those
| who has the password to decrypt the log files can read them.
From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
An easier approach might be to write your encrypting logger
as a filter
and have it take its input from a named pipe.
I thought about suggesting that, but there's a weak point - there's
nothing to stop an admin killing the encrypting logger
If you have an evil admin, there is nothing stopping the him from
sniffing the network, or starting tomcat with a debugger which can look
at the memory or {insert evil action here} ;)
-Tim
Peter Crowther wrote:
From: Nelson, Tracy M. [mailto:[EMAIL PROTECTED]
An easier approach might be to
From: Tim Funk [mailto:[EMAIL PROTECTED]
If you have an evil admin, there is nothing stopping the him from
sniffing the network, or starting tomcat with a debugger
which can look
at the memory or {insert evil action here} ;)
Sure. Or do the old trick we used to do with Suns - L1-A out
