From: "Alastair D'Silva"
To: "'Dave'"
Subject: RE: Questions about Apache
Date: Sat, 23 Mar 2002 09:35:54 +1100
Organization: New Millennium Networking
Message-ID: <001c01c1d1f1$eda14fe0$3200a8c0@riker>
Sender: owner-freebsd-isp@FreeBSD.ORG

I would argue the opposite, a script that is only executable by the
webserver, and checks the UID of the user executing it (and possibly
encrypting it with a reversible encryption based on something unique to
the system such as the hostname, as well as parameters specified on the
command line) is considerably more secure than simply leaving the key
unencrypted. Consider the case when some random buffer overflow in your
webserver allows an intruder to execute arbitrary code on the server.
It is (obviously) trivial for them to retrieve the unencrypted key from
the disk, as the web server user must be able to read it anyway. If it is
encrypted, they must not only retrieve the key, but also determine which
executable generates the pass phrase, determine what parameters are
required to run it and finally run it, all without reading the executable
itself to determine its structure.

--
Alastair D'Silva B. Sc.
mob: 0413 485 733
Networking Consultant
New Millennium Networking
http://www.newmillennium.net.au

> -----Original Message-----
> From: Dave [mailto:dave@hawk-systems.com]
> Sent: Saturday, 23 March 2002 1:27 AM
> To: Alastair D'Silva; 'Tyler'; freebsd-isp@freebsd.org
> Subject: RE: Questions about Apache
>
>
> Pay attention to the security warnings about this. You may
> be better off not password protecting your key and letting
> the file permissions (root read only) take care of the
> security of it rather than having a password sitting in a
> file somewhere waiting to be parsed. Either choice is really
> dependent on how you have your security model set up.
>
> Dave
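
An added example, not part of either message: a POSIX shell check for the file-permission condition that both positions in this thread rely on, namely that the private key (or the pass-phrase helper script) is a regular file owned by the expected account with no group or other access. The function name `audit_secret`, the demo file names, and the use of the current uid as the expected owner are assumptions made so that it runs unprivileged.

```shell
#!/bin/sh
# Added example: audit a private key or pass-phrase helper for loose access.
# Does not inspect ACLs. All file names in demo() are constructed.

# audit_secret FILE EXPECTED_UID
# Succeeds only if FILE is a regular, non-symlink file owned by EXPECTED_UID
# with no group or other permission bits set.
audit_secret() {
    file=$1; want_uid=$2; rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL $file: missing, a symlink, or not a regular file"
        return 1
    fi
    # ls -ldn prints the mode string (field 1) and numeric owner uid (field 3).
    meta=$(ls -ldn "$file" | awk '{print $1 " " $3}')
    mode=${meta% *}; uid=${meta#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $file: owner uid $uid, expected $want_uid"; rc=1
    fi
    case $mode in
        ????------*) ;;  # type + owner bits, then group/other all clear
        *) echo "FAIL $file: mode $mode grants group/other access"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK   $file ($mode, uid $uid)"; fi
    return "$rc"
}

# Demo on throwaway files. The current uid stands in for the real owner
# (assumption: 0 for a root-only key, the web server uid for a helper).
demo() {
    dir=$(mktemp -d) || return 1
    me=$(id -u)
    : > "$dir/server.key"; chmod 400 "$dir/server.key"
    : > "$dir/loose.key"; chmod 644 "$dir/loose.key"
    printf '#!/bin/sh\n' > "$dir/passphrase.sh"; chmod 700 "$dir/passphrase.sh"
    audit_secret "$dir/server.key" "$me"
    audit_secret "$dir/loose.key" "$me" || true   # expected to FAIL
    audit_secret "$dir/passphrase.sh" "$me"
    rm -rf "$dir"
}
demo
```

Run against the real key and helper paths with the uid each is supposed to belong to; a non-zero exit status means the file is reachable by more accounts than the chosen security model assumes.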