* Liam Whalen wrote on Sun, Sep 30, 2007 at 23:07 -0400:
> How do I make sure that the ODBC username and password file is
> secure? Should I encrypt that file with a public key and hard
> code the private key into the server?

You mean, you want to protect some local configuration file, because
you expect local attackers on the machine?

I'm afraid in this case having a private key in server code
wouldn't help much, because the attacker can access it as well.
At least in RAM she would be able to access the username and the
password in clear. Also, when you cannot trust the local machine,
SSL/TLS would not help much, because the deciphered clear text
could be accessible (stored in some RAM buffer, maybe even
swapped out to disk / swap partition).

Maybe you can trust the local machine in general for this purpose
even if not all local users are trusted; let the application run
under some special (non-human) user account so that the other
(human) users cannot `debug' it?

oki,

Steffen
 
About Ingenico Throughout the world businesses rely on Ingenico for secure and 
expedient electronic transaction acceptance. Ingenico products leverage proven 
technology, established standards and unparalleled ergonomics to provide 
optimal reliability, versatility and usability. This comprehensive range of 
products is complemented by a global array of services and partnerships, 
enabling businesses in a number of vertical sectors to accept transactions 
anywhere their business takes them.
www.ingenico.com This message may contain confidential and/or privileged 
information. If you are not the addressee or authorized to receive this for the 
addressee, you must not use, copy, disclose or take any action based on this 
message or any information herein. If you have received this message in error, 
please advise the sender immediately by reply e-mail and delete this message. 
Thank you for your cooperation.
 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
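
Added example, not part of the original thread or of OpenSSL: one way a Linux server running under a dedicated service account could refuse a credentials file that other local users can read, and make itself harder to debug or dump. The function names harden_process and load_credentials are hypothetical, and the file path is whatever the caller passes in.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/prctl.h>   /* Linux-specific (assumption: the server runs on Linux) */
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* No core dumps, and no ptrace attach by unprivileged local users. */
int harden_process(void)
{
    struct rlimit no_core = {0, 0};
    if (setrlimit(RLIMIT_CORE, &no_core) != 0) return -1;
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    return 0;
}

/* Load the file only if it is a regular file owned by the account we run as
 * (the dedicated service user) with no group/other permission bits set.
 * Returns bytes read, or -1 when the file is missing or too permissive. */
ssize_t load_credentials(const char *path, char *buf, size_t buflen)
{
    struct stat st;
    ssize_t n;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);   /* do not follow a symlink */
    if (fd < 0) return -1;
    /* fstat on the descriptor: the file we checked is the file we read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    (void)mlock(buf, buflen);   /* best effort: keep the secret out of swap */
    n = read(fd, buf, buflen - 1);
    close(fd);
    if (n >= 0) buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    char cred[256];
    if (argc < 2 || harden_process() != 0) return 2;
    if (load_credentials(argv[1], cred, sizeof cred) >= 0) return 0;
    fprintf(stderr, "%s: refused (need regular file, own uid, mode 0600)\n", argv[1]);
    return 1;
}
```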
