Perhaps if the script was on another machine the far side of a one-way firewall?

Owen Boyle wrote:
> [EMAIL PROTECTED] wrote:
> > Build a Script which provides mod_ssl with a passphrase.
> > Maybe it's possible to modify apachectl to build and delete this script
> > if necessary.
> > http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2
>
> A lot of people do this but I wonder whether it is worth the bother...

snip..

> Now, if you make a script to feed the pass-phrase to the server on boot,
> what point is there in having the pass-phrase? The hacker, while
> stealing the cert, might as well steal the pass-phrase from the script.
> He has to have root access to get the cert in the first place so it's no
> problem for him to get the script too.
>
> Actually, I wonder about the pass-phrase altogether. I prefer to have a
> secure server so that no hacker can get the cert in the first place. If
> I ensure that, then I don't need to worry about pesky pass-phrases...

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]