hi alexander - see inline comments. > Jay W., can we use the Atrernate Passphrase somehow? I didn't find > anything > about it in Automation interface description.
right now that alternate passphrase plays a role in SCI merchant notifications, but you're correct, there is no use of it currently in the e-gold automation interface. ... > even > if somebody will steal Alternate Passphrase from server he will not be > able to use it from another IP. it is a difficult, if not an unsolvable problem - if someone can access a server that has the capability to perform spends, is there a way to keep the intruder from performing those spends? your idea does prevent certain abuses so it is worthwhile to consider. how about a simple way to keep your passphrase off the server disk entirely - have your application prompt you for it at runtime and only have it memory resident (ignoring swapping issues which possibly could be avoided with an mlock or equiv). what's the best way to have something stored in memory that your CGI can get to? maybe a shared memory segment that a utility sets up? --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
