"R. DuFresne" wrote: > > On Thu, 11 Oct 2001, Owen Boyle wrote: > > > Personally, I would remove the passphrase since <flame-war>I think it is > > a waste of time</flame-war>. > > No flames from here, but, security should be more on the minds of folks > these days, not less security. That being said, removal of the password > might well be okay, depending upon the security of the server in question. > How many folks have hands-on access to this system? How many folks have > telnet/ssh/ftp access to this system? Those are issues to be considered > when making this kind of decision.
Aha! Someone picks up the gauntlet...

Security has to be well-thought out. Fake security is worse than nothing because it provides an impression of safety and so leads to complacency. The only way to ensure security is to secure the whole machine.

Our system is behind a sturdy firewall and other sneaky protections and we run a minimalist set of services (certainly no telnet, ssh or FTP) - http and smtp basically. We are regularly audited by third-party security companies and come out clean every time. The machine itself is in a sealed room with only LAN access from selected machines owned by sys-admins (who know the root password - so you've got to trust us). So I think we're OK (but I'd be interested to hear if there are any chinks in our armour).

I admit that you might want to restrict who can start apache with mod_ssl if there is public access to the machine but hang on a minute... Why would anyone allow untrusted access to a machine on which they are going to run a secure HTTP server? Put it another way, would you feel happy sending your credit card number, even over SSL, to a machine that any Tom, Dick or Harry can log into?

In other words, if you run a secure server, you have a *responsibility* to restrict access to it from your side of the FW. You would be opening yourself to tremendous liability if you took confidential details from clients and processed them on a machine which was insecure. "But, Judge, I had a passphrase..." won't cut much ice in the courts, I fear.

In summary - Only if your machine is insecure do you "need" a passphrase - but if your machine is insecure you shouldn't be using it as an SSL server. Therefore, a passphrase is a waste of time.

Discuss?

Rgds,

Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
