> Hi,
>
> I'm new to all this SSL business, but have got OpenSSL
> set up now (Linux, Apache, OpenSSL, PHP3).
>
> Secure transmissions are all very well, but the next
> question is how to store the data securely on the machine,
> or transmit it securely via email.
>
> I'd thought of write()'ing sensitive data to a root-readable
> file but because apache is running as "nobody" I can't do
> this (?). And I think that running apache as root would create
> invulnerabilities.
The word is "Vunerabilities" and yes, it may :)
> Alternately, how could I send it encrypted as an email (with
> the above configuration)?
>
> How do you lot deal with the problem?
You have a considerable number of options available to you. Firstly,
emailing the data to root@localhost. Since it never passes over the
network, it can only be intercepted by someone who has compromised the
machine (In which case you're stuffed anyway :) Secondly, you could write
the data to an all-writeable, root-readble file, thus turning it into a
kind of one-way gate, data goes in, but doesn't come out (chmod go=w)
Thirdly, you could download any one of a number of open-source encryption
products which will encrypt the data with the public key of the recipient,
thus making it available only to whoever has the private key. Start at the
PGP site for that sort of thing.
Richard
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
