Apps need to access database and other object stores, get access to other servers via keys, use encrypted ssl certs etc...
The two strategies to deal with that I usually see are - variations on a config file (text) and trusting the OS permissions - manually entering a master password to an encrypted text file at start time The former is simple and doesn't need human intervention but creates a security issue if the host gets compromised, the latter limits automation. What other strategies have you seen successfully implemented? -- http://yves.zioup.com gpg: 4096R/32B0F416 _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
