Not all uses of SSL are for the purposes of sending highly sensitive data back and forth to a database. Example: It may be used to allow external access to an Intranet using certificate authentication, and of course encryption. In this case many people may have access internally to the system in question but that doesn't mean you want them having control to start and stop services.
I am applying this loosly, for no other reason than to point out that it is possible for shared access on an SSL set up. Obviously you would expect that not everyone has root anyway so couldnt start the webserver, but it may be so that the SSL portion is further restricted amoungst the administrators of that computer. Just a thought, Nick Quoting Owen Boyle <[EMAIL PROTECTED]>: > I admit that you might want to restrict who can start apache with > mod_ssl if there is public access to the machine but hang on a > minute... > Why would anyone allow untrusted access to a machine on which they are > going to run a secure HTTP server? Put it another way, would you feel > happy sending your credit card number, even over SSL, to a machine that > any Tom, Dick or Harry can log into? ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
