> No, my risk model is to simply ascertain whether distributing the certs
> as files in the application directory is a serious security risk or not
> and, if it is, what steps can make it less so.

If it's a security risk, it's because something is broken someplace else. Why do you need to hide a customer's own certificates from that customer? Presumably, the certificate only permits the customer to do things the customer is authorized to do. If the customer's cert lets the customer do something the customer is not allowed to do, then something is broken elsewhere.

> > This will not keep a cryptographer out of your application, but should
> > pass the "warm and fuzzy" test.
>
> It may make it harder for a disruptive hacker.

How would a hacker be able to disrupt anything by obtaining normal user access? If normal user access permits disruption, you have a design flaw.

> Whether this extra processing is really necessary, good security, or
> "security theatre" as another respondent on this thread claims, I am
> really not sure. But that is why I posted my OP, to see what others
> think and how others handled the situation.
>
> Thanks !

If it's necessary, it's inadequate. An ordinary user should only be permitted to do those things you wish to allow that user to do. So an ordinary user getting access to his own credentials should not pose a security risk.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org