Re: CGI security on a shared web server

From: Glynn Clements (glynn.clementsat_private)
Date: Mon May 27 2002 - 19:51:05 PDT

    Steffen Dettmer wrote:
    
    > > One possible solution, assuming you need to write the data but not read it
    > > until later is to encrypt it, generate a public/private keypair using
    > > pgp/gnupg, load the public key onto the server with your app, have it write
    > > the files after encrypting the data. Thus you can retrieve the data (ftp,
    > > www, whatever) and then decrypt it at your leisure and use it.
    > 
    > I don't think that this makes things secure. If the web server
    > runs as nobody, the CGI script must be executable for nobody. The
    > secret key must be readable for nobody.
    
    No; only the *public* key needs to reside on the server, and that
    doesn't need to be secure. That's the whole point of "public key"
    cryptosystems.
    
    OTOH, there may well be other ways in which the security can be
    compromised. The easiest way would be to modify the CGI script,
    although that would be readily detectable.
    
    -- 
    Glynn Clements <glynn.clementsat_private>
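
Added example, not part of the original message or thread: one way the script modification mentioned above could be detected, by comparing the CGI script against a recorded SHA-256 digest and permission baseline. The file name `store.cgi`, the function names and the sample script are constructed for illustration; the baseline is assumed to be kept somewhere the web server account cannot write.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(path):
    """Record the SHA-256 digest and permission bits of a script."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(os.stat(path).st_mode)}

def check(path, baseline):
    """Compare a script with its baseline and return a list of findings."""
    try:
        current = snapshot(path)
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if current["sha256"] != baseline["sha256"]:
        findings.append("content changed")
    if current["mode"] != baseline["mode"]:
        findings.append("mode changed: %04o -> %04o"
                        % (baseline["mode"], current["mode"]))
    # A script writable by group or other can be altered by other accounts.
    if current["mode"] & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other")
    return findings

def demo():
    """Run the check on a constructed stand-in script in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "store.cgi")  # hypothetical script name
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\necho 'Content-Type: text/plain'\necho\necho ok\n")
        os.chmod(script, 0o755)
        baseline = snapshot(script)  # assumption: stored off the server
        clean = check(script, baseline)
        with open(script, "a") as fh:
            fh.write("# tampered\n")  # simulated modification
        os.chmod(script, 0o757)
        tampered = check(script, baseline)
        os.remove(script)
        gone = check(script, baseline)
    return clean, tampered, gone

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A baseline stored next to the script is only as trustworthy as the script itself, so the comparison is best run from an account or host the web server user cannot modify.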
    



    This archive was generated by hypermail 2b30 : Tue May 28 2002 - 13:07:58 PDT