Then the question comes up of what happens if you're not storing it in a
database?  Say, for example, every night at midnight there's a report that
gets taken from the database and emailed to a manager in an Excel
spreadsheet that contains all the purchasing information from the previous
day.  Plus, most people concur that there is no such thing as a 100% secure
system; however, using a 2048-bit GPG asynchronous key would make it quite
difficult to get that information, even if the server was broken into and
all the root passwords were changed.  Then, of course, the intruder could
change the passkey for the encryption and send the reports to himself.
Then, of course, you could modify "su" to report whenever someone uses it to
su to root, but that's only valid if they get in with su.  But then we're
getting beyond the scope of this mailing list.  I guess there really is no
such thing as absolute security, only probable security.  Oh well.

Kevin

----- Original Message -----
From: "Vivek Khera" <[EMAIL PROTECTED]>
Newsgroups: ml.apache.modperl
To: <[EMAIL PROTECTED]>
Sent: Friday, June 15, 2001 2:23 PM
Subject: Re: ssl encryption


> >>>>> "KS" == Kevin Schroeder <[EMAIL PROTECTED]> writes:
>
> KS> This would make an interesting discussion because I've had the
> KS> same question come up in my mind.  How do you encrypt things on
> KS> your server without giving out the passphrase?  Is it even
> KS> possible to keep the key in the same location as the program using
> KS> it and still maintain security?
>
> No; the only way to secure this would be to make the server ask you to
> type the passphrase on startup, and you never write this down.  This
> makes it impossible to have automated restart, of course.
>
> Better thing to do is to secure your database server a bit better.
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D.                Khera Communications, Inc.
> Internet: [EMAIL PROTECTED]       Rockville, MD       +1-240-453-8497
> AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
>
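
The nightly-report scenario in Kevin's message, as an added example that is not part of the original thread: the server's keyring holds only the manager's public key, so the job encrypts unattended with no passphrase on the box, and a report copied off the server cannot be decrypted there. The address, paths and report rows are constructed, the key is generated without a passphrase only so the demo runs unattended, and gpg 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example; address, paths and report rows are constructed.
set -eu
RECIPIENT="manager@example.test"        # hypothetical recipient

# Manager's workstation: create the key pair; only the public half leaves it.
# %no-protection skips the passphrase so this demo runs unattended.
make_manager_key() {                    # $1 = manager homedir, $2 = public key out
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Purchasing Manager
Name-Email: $RECIPIENT
Expire-Date: 0
%commit
EOF
    gpg --homedir "$1" --batch --armor --export "$RECIPIENT" > "$2"
}

# Server: import the public key once; no secret key or passphrase is stored.
server_import() {                       # $1 = server homedir, $2 = public key
    gpg --homedir "$1" --batch --quiet --import "$2"
}

# Nightly job. --trust-model always skips the ownership check, so the
# imported key's fingerprint must have been verified out of band.
encrypt_report() {                      # $1 = server homedir, $2 = report, $3 = out
    gpg --homedir "$1" --batch --yes --quiet --trust-model always \
        --recipient "$RECIPIENT" --output "$3" --encrypt "$2"
}
secret_key_count() {                    # $1 = homedir; prints number of secret keys
    gpg --homedir "$1" --batch --with-colons --list-secret-keys 2>/dev/null \
        | grep -c '^sec' || true
}
decrypt_report() {                      # $1 = homedir, $2 = ciphertext
    gpg --homedir "$1" --batch --quiet --decrypt "$2" 2>/dev/null
}
demo() {
    work=$(mktemp -d); mkdir -m 700 "$work/mgr" "$work/srv"
    printf 'order_id,amount\n1001,49.95\n' > "$work/report.csv"   # constructed
    make_manager_key "$work/mgr" "$work/pub.asc"
    server_import "$work/srv" "$work/pub.asc"
    encrypt_report "$work/srv" "$work/report.csv" "$work/report.csv.gpg"
    echo "secret keys on server: $(secret_key_count "$work/srv")"
    decrypt_report "$work/srv" "$work/report.csv.gpg" || echo "server cannot decrypt"
    decrypt_report "$work/mgr" "$work/report.csv.gpg"; rm -rf "$work"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

This covers confidentiality of the report only; it does nothing about the key-substitution concern raised in the message, where an intruder replaces the recipient key on the server.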
