We have a system which relies on Apache+SSLeay for user authentication. The whole thing sits behind a firewall, and only essential services are up, but we have to consider the impact of someone successfully getting in to the server.

The possible security hazard I have in mind is, what if someone does manage to get into the server? They could conceivably add a CA public certificate of their own choosing to the CACertificateFile used by Apache+SSLeay, and then gain access to our system by writing their own certificate, which would be validated by the server based on the CACertificateFile contents. Naturally, this file is read-only, etc., but root is root!

The only idea I've come up with so far is to put the CACertificateFile on some media which is _physically_ read-only (a floppy with the read-only tab set comes to mind). Is there a better solution?

Austin Gosling
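An added example, not part of the original message: one way to detect the tampering described above is to fingerprint every certificate in the CA bundle and compare the result with a baseline. The function names and sample data are constructed for illustration, and the baseline and the check are assumed to live somewhere an intruder with root on the web server cannot rewrite (another host, or read-only media as the post suggests).

```python
import base64
import hashlib
import re

# Matches each PEM certificate block in a bundle such as the CA file above.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def bundle_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    fingerprints = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # drop line breaks
        fingerprints.append(hashlib.sha256(der).hexdigest())
    return fingerprints


def audit_bundle(pem_text, trusted):
    """Compare a bundle with the baseline set of trusted fingerprints."""
    found = bundle_fingerprints(pem_text)
    return {
        # Certificates present in the file but absent from the baseline:
        # the "CA of their own choosing" case from the message.
        "unexpected": [fp for fp in found if fp not in trusted],
        # Baseline certificates that have been removed or replaced.
        "missing": sorted(set(trusted) - set(found)),
    }


def _pem(der):
    """Wrap raw bytes in PEM armour (helper for the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


# Constructed sample data: placeholder bytes standing in for DER certificates.
SAMPLE_CA = b"constructed placeholder for the legitimate CA certificate"
SAMPLE_ROGUE = b"constructed placeholder for an added, untrusted CA certificate"
BASELINE = {hashlib.sha256(SAMPLE_CA).hexdigest()}

if __name__ == "__main__":
    tampered = _pem(SAMPLE_CA) + _pem(SAMPLE_ROGUE)
    print(audit_bundle(tampered, BASELINE))
```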
