Yes, it's possible. To achieve this, you should use asymetric
encryption, and *not* store the private key in the server.
Then, the question remains : how can I have the server safely
decrypt on demand ?! one possible solution could be to store
the private key in a remote server, dedicated to the
as absolute security, only probable security. Oh well.
Kevin
- Original Message -
From: Vivek Khera [EMAIL PROTECTED]
Newsgroups: ml.apache.modperl
To: [EMAIL PROTECTED]
Sent: Friday, June 15, 2001 2:23 PM
Subject: Re: ssl encryption
KS == Kevin Schroeder [EMAIL PROTECTED] writes:
KS
KS == Kevin Schroeder [EMAIL PROTECTED] writes:
KS This would make an interesting discussion because I've had the
KS same question come up in my mind. How do you encrypt things on
KS your server without giving out the passphrase? Is it even
KS possible to keep the key in the same location as
When apache is serving a ssl connection, I assume that everything
sent back and forth between the server and the client is encrypted.
I want an mod_perl script to encrypt/decrypt credit card numbers
obtained over the ssl connection for storage in a db on the server.
Is there any access to the
Apache uses OpenSSL to implement the transport encryption for HTTP
connections. You can find out more at http://www.openssl.org
This isn't necessarily how you would want to encrypt things on disk, however.
Encrypting a regular file or db file is not really a typical public key
encryption task
When apache is serving a ssl connection, I assume that everything
sent back and forth between the server and the client is encrypted.
I want an mod_perl script to encrypt/decrypt credit card numbers
obtained over the ssl connection for storage in a db on the server.
Is there any access to
Not storing the credit card numbers at all would be the best option :-)
If you must, we've usually used crypt for one-way encryption, or
Crypt::BlowFish for stuff we need to be able to decrypt (look after your
key!).
On Thursday, June 14, 2001, at 09:54 pm, Tim Gardner wrote:
When apache
- Original Message -
From: Benjamin Trott [EMAIL PROTECTED]
To: modperl [EMAIL PROTECTED]
Sent: Thursday, June 14, 2001 5:00 PM
Subject: Re: ssl encryption
When apache is serving a ssl connection, I assume that everything
sent back and forth between the server and the client is encrypted
I've got a question related to encryption and mod_perl. I'm running
an apache mod_perl server (AIX and Linux platforms) to serve HTML
forms, query backend databases, and print formatted results. I currently
use .htaccess for authentication, although this will probably change.
My problem is
"B. Burke" wrote:
I've got a question related to encryption and mod_perl. I'm running
an apache mod_perl server (AIX and Linux platforms) to serve HTML
forms, query backend databases, and print formatted results. I currently
use .htaccess for authentication, although this will probably
. Burke [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 07, 2000 2:01 PM
To: [EMAIL PROTECTED]
Subject: SSL/encryption mod_perl
I've got a question related to encryption and mod_perl. I'm running
an apache mod_perl server (AIX and Linux platforms) to serve HTML
forms, query backend
11 matches
Mail list logo