> Storing the information on the SSL server is a Very Bad Idea (tm), as it
> makes it available to anyone who can hack into the SSL server. Putting it at
> arm's length, whilst not necessarily more secure in an absolute sense,
> extends the time it will take for someone to crack the connection, which
> increases the likelihood that you will catch them before they succeed.

Right, and I'd love to get the information to such a machine with restricted
access. Unfortunately I don't have that luxury. There must surely be some
other way to encrypt the information and then allow a user to retrieve it
over SSL. Can't you store a public key on the server and keep a private key
on the client (the one that retrieves the data)? Wouldn't that mean that
while the server could encrypt the data, it couldn't decrypt it without the
private key? Then again, I don't know a lot about encryption.

Well, let me know if there's any solution here.

Thanks,
Russell
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
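
The arrangement asked about in the message above (public key on the server, private key only on the retrieving client), sketched with the openssl command line as an added example that is not part of the original message. The file names, the 2048-bit RSA key and the function names make_keys, seal, unseal and demo are assumptions.

```shell
#!/bin/sh
# Added illustration; file names, key size and function names are assumptions.
# Needs the openssl command-line tool (1.1.1 or later for -pbkdf2).

# Client, once: generate the key pair. The private key never leaves the
# client; only the public half is copied to the SSL server.
make_keys() {   # $1 = private key (client), $2 = public key (server)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Server: seal one record using only the public key. A fresh random session
# key encrypts the data and is itself wrapped with RSA-OAEP.
# Note: CBC via "openssl enc" hides the data but does not detect tampering.
seal() {        # $1 = public key, $2 = plaintext file, $3 = output prefix
    sk=$(openssl rand -hex 32) || return 1
    printf '%s' "$sk" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$3.key" || return 1
    printf '%s\n' "$sk" | openssl enc -aes-256-cbc -pbkdf2 -salt -pass stdin \
        -in "$2" -out "$3.enc"
}

# Client: unwrap the session key with the private key, then decrypt.
unseal() {      # $1 = private key, $2 = input prefix, $3 = plaintext output
    sk=$(openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2.key") || return 1
    printf '%s\n' "$sk" | openssl enc -d -aes-256-cbc -pbkdf2 -pass stdin \
        -in "$2.enc" -out "$3"
}

# Round trip on a constructed sample record in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'acct=constructed-sample-0001\n' > "$d/record.txt"
    make_keys "$d/priv.pem" "$d/pub.pem" &&
    seal "$d/pub.pem" "$d/record.txt" "$d/rec" &&
    unseal "$d/priv.pem" "$d/rec" "$d/out.txt" &&
    cmp -s "$d/record.txt" "$d/out.txt"; rc=$?
    rm -rf "$d"; return $rc
}
demo && echo "round trip ok"
```

The server still handles each record in the clear at the moment it calls seal, so this protects records already stored, not data passing through a server that is compromised at the time.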