httpd-users mailing list archives

From dan <i...@hostinthebox.net>
Subject Re: [users@httpd] Apache 1.3x Secure Server
Date Tue, 10 May 2005 00:16:26 GMT
Bob Cohen wrote:
> dan wrote:
>> This is covered in mod_ssl's FAQ.  This would apply to you if you're
>> using mod_ssl:
>>
>> http://www.modssl.org/docs/2.7/ssl_faq.html#remove-passphrase
>
> Thank you Dan.  I guess it isn't such a good idea to do this, eh?  It's 
> just that I've got an awful memory, occasional power outages, and an
> e-commerce program that relies on the secure server running to work.
> 
> Bob
> 
> 

Bob -

It's not as insecure as one might think.  Remember that there are other 
ways to secure the server.  If you make sure no one else has access to 
the key, you are in no danger.  I've been in your situation a number of 
times, and found this to be appropriate for most every time.

There's also a way, from within Apache, to run an external program that 
generates the key and uses that as an argument to Apache's startup 
procedure, which alleviates the problem that we're talking about.  But 
by doing stuff that way, too, you have to make sure no one else has 
access to that program.

Thanks
-dant

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
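
A quick audit for the trade-off discussed in this thread, added here as an example that is not part of the message above or of the mod_ssl FAQ: it reports whether a PEM private key is still passphrase-protected and, if not, whether anyone besides its owner can access the file. The function names, verdict strings and sample key contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PEM private key before running it without a passphrase.

# key_is_encrypted FILE: succeeds if the PEM is passphrase-protected.
# Traditional OpenSSL keys carry a Proc-Type header; PKCS#8 uses its own label.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# perms_are_private FILE: succeeds if group and other have no permission bits.
# -L follows symlinks so the real key file is judged, not the link.
perms_are_private() {
    mode=$(ls -ldL "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_key FILE: prints a verdict; returns 0 only when the key is acceptable.
audit_key() {
    [ -f "$1" ] || { echo "missing"; return 2; }
    if key_is_encrypted "$1"; then echo "encrypted"; return 0; fi
    if perms_are_private "$1"; then echo "plaintext-private"; return 0; fi
    echo "plaintext-exposed"
    return 1
}

# Demo on constructed sample files (not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/plain.key"
    chmod 644 "$d/plain.key"
    echo "mode 644: $(audit_key "$d/plain.key" || true)"
    chmod 400 "$d/plain.key"
    echo "mode 400: $(audit_key "$d/plain.key" || true)"
    rm -rf "$d"
}
demo
```

The check covers mode bits only; ACLs, file ownership and the permissions of the containing directory are not examined.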

