I'm not defending running rogue workloads on your employers infrastructure, that's obviously wrong. I'm just saying from the description, and the role of who did it, it probably wasn't super problematic in terms of security.
I think this thread highlights nicely that context is everything.
In this case, I think vasco's take is correct: the sysadmin was indeed trustworthy enough to exercise this discretion in response to overzealous employee productivity rules without at all undermining his primary responsibilities.
The proxy was definitely in a place to essentially trivialize it's impact. I'm pretty sure thats why it was placed where it was, as opposed to make it harder to find. If that was the chief concern, disabling logging would have obviously been the first thing to happen.
In this case, I think vasco's take is correct: the sysadmin was indeed trustworthy enough to exercise this discretion in response to overzealous employee productivity rules without at all undermining his primary responsibilities.
The proxy was definitely in a place to essentially trivialize it's impact. I'm pretty sure thats why it was placed where it was, as opposed to make it harder to find. If that was the chief concern, disabling logging would have obviously been the first thing to happen.