Yes, it's possible. To achieve this, you should use asymetric
encryption, and *not* store the private key in the server.
Then, the question remains : how can I have the server safely
decrypt on demand ?! one possible solution could be to store
the private key in a remote server, dedicated to the u
ere really is no
such thing as absolute security, only probable security. Oh well.
Kevin
- Original Message -
From: "Vivek Khera" <[EMAIL PROTECTED]>
Newsgroups: ml.apache.modperl
To: <[EMAIL PROTECTED]>
Sent: Friday, June 15, 2001 2:23 PM
Subject: Re: ssl encryption
> "KS" == Kevin Schroeder <[EMAIL PROTECTED]> writes:
KS> This would make an interesting discussion because I've had the
KS> same question come up in my mind. How do you encrypt things on
KS> your server without giving out the passphrase? Is it even
KS> possible to keep the key in the same
in Trott" <[EMAIL PROTECTED]>
> To: "modperl" <[EMAIL PROTECTED]>
> Sent: Thursday, June 14, 2001 5:00 PM
> Subject: Re: ssl encryption
>
>
>>> When apache is serving a ssl connection, I assume that everything
>>> sent back and forth between the
Kevin
- Original Message -
From: "Benjamin Trott" <[EMAIL PROTECTED]>
To: "modperl" <[EMAIL PROTECTED]>
Sent: Thursday, June 14, 2001 5:00 PM
Subject: Re: ssl encryption
> > When apache is serving a ssl connection, I assume that everything
> > sent ba
Not storing the credit card numbers at all would be the best option :-)
If you must, we've usually used crypt for one-way encryption, or
Crypt::BlowFish for stuff we need to be able to decrypt (look after your
key!).
On Thursday, June 14, 2001, at 09:54 pm, Tim Gardner wrote:
> When apache
> When apache is serving a ssl connection, I assume that everything
> sent back and forth between the server and the client is encrypted.
> I want an mod_perl script to encrypt/decrypt credit card numbers
> obtained over the ssl connection for storage in a db on the server.
> Is there any access t
Apache uses OpenSSL to implement the transport encryption for HTTP
connections. You can find out more at http://www.openssl.org
This isn't necessarily how you would want to encrypt things on disk, however.
Encrypting a regular file or db file is not really a typical public key
encryption task -
When apache is serving a ssl connection, I assume that everything
sent back and forth between the server and the client is encrypted.
I want an mod_perl script to encrypt/decrypt credit card numbers
obtained over the ssl connection for storage in a db on the server.
Is there any access to the
"B. Burke" wrote:
>
> I've got a question related to encryption and mod_perl. I'm running
> an apache mod_perl server (AIX and Linux platforms) to serve HTML
> forms, query backend databases, and print formatted results. I currently
> use .htaccess for authentication, although this will probabl
gt; From: B. Burke [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 07, 2000 2:01 PM
> To: [EMAIL PROTECTED]
> Subject: SSL/encryption & mod_perl
>
>
> I've got a question related to encryption and mod_perl. I'm running
> an apache mod_perl server (AIX and
I've got a question related to encryption and mod_perl. I'm running
an apache mod_perl server (AIX and Linux platforms) to serve HTML
forms, query backend databases, and print formatted results. I currently
use .htaccess for authentication, although this will probably change.
My problem is that
12 matches
Mail list logo