On Thu, Mar 11, 1999, glin wrote:
>[...]
> Just a thought. To secure the key, it may be necessary to put the key on a
> different machine. When the web server needs it, get it from there. After
> using it, erase it from memory. This solves the core dump problem.
Hmm... the webserver needs the key on _every_ established and not-resumed
connection. This would cost too much when you transfer it every time from
another host. And even when you accept this overhead, it doesn't solve the
situation IMHO.
Sure, it solves the core dump problem, but this remote-host approach isn't
more secure, I think. Because you now have a new problem: You've to make sure
that Apache on the webserver is the _ONLY_ instance who can get the key from
the remote host. Speaking in NP-hard-style I would say that this problem is
as hard as the problem you initially had ;-)
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
