Nick Phillips wrote: > Using a passphrase on your ssl keys should mean that "someone" is unable > to take them and use them elsewhere without your knowledge.
You do realise that anyone with root access on your machine while apache is running can just yank the unencrypted key right out of apache's memory space, right? This is obviously true, since if apache didn't keep either your key or your passphrase (which would amount to the same thing) in memory at all times, it would have to ask you for your passphrase on each incoming connection. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
