> From: David Wall [mailto:[EMAIL PROTECTED] 
> What's the downside if someone who has access to your filesystem has
> access to the SSL cert keystore?  They can remove and install certs,
> but I could do that anyway by putting in a new keystore.  Somehow
> they'd need to take your keystore, put it on a rogue system and then
> spoil DNS to trick users into that system?  Why bother since I already
> have access to your web server's file system?

If they read your keystore and poison a DNS server, your server is not
defaced and you are less likely to be aware that it's happening.  If you
don't routinely check your site from somewhere that uses the poisoned
DNS, you may be unaware that it's happened.

If they replace your webapp, you're more likely to notice.

                - Peter

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
