> Jim Seach wrote:
> [snip]
> >
> > One of the possible custom solutions is to encrypt the
> > other information with your public key, then use the
> > private key to decrypt the other sensitive
> > information.  Since the info is signed with the public
> > key, any developer could encrypt information that
> > could only be retrieved by the system.  That way, the
> > solution would scale.

You just made me think of another decent argument against the current
implementation. In a typical install setup, all developers,
administrators, and anyone else with access to the box currently has
unfettered access to the keystore, because they have the password. That
is not good. You probably want only a single administrator to have access
to the cert, that way you don't have to get a new one every time someone
leaves the business. Of course a highly-knowledgeable admin could simply
hide the keystore and/or TC conf directory in an inaccessible directory
(preferably both for maximum security), but not everyone is a security
whiz. The opt-in configuration option for a "prompt me" approach makes
it a lot easier to secure everything right and without goofing up
directory permissions. And again, it is probably the only decent option
for Windoze shops.

- Christopher
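As an added defender-side check (not code from this thread or from Tomcat), a Python script that audits a Tomcat conf directory and keystore for the two exposures discussed above: permissions that let anyone on the box read them, and a keystore password embedded in plain text in the XML. The conf layout and the sample install are constructed; `keystorePass`/`keyPass` are the Tomcat connector attribute names assumed here.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Tomcat connector attributes that carry the keystore password in clear text.
_PASS_ATTR = re.compile(r'\b(keystorePass|keyPass)\s*=\s*"[^"]*"')

def audit_tomcat_secrets(conf_dir, keystore):
    """Return findings for a Tomcat conf directory and its keystore:
    anything accessible to group/others, and XML files embedding a
    keystore password. An empty list means nothing was flagged."""
    findings = []
    paths = {Path(conf_dir), Path(keystore), *Path(conf_dir).iterdir()}
    for path in sorted(paths):
        mode = path.stat().st_mode
        # Anyone who can read the conf dir or keystore gets the password/cert.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path.name}: accessible to group/others ({stat.filemode(mode)})")
        if path.is_file() and path.suffix == ".xml":
            for attr in _PASS_ATTR.findall(path.read_text()):
                findings.append(f"{path.name}: plaintext {attr} attribute")
    return findings

def demo():
    """Constructed sample install: a world-readable server.xml that embeds
    the keystore password, beside a keystore locked down to its owner."""
    conf = Path(tempfile.mkdtemp())
    os.chmod(conf, 0o755)
    server_xml = conf / "server.xml"
    server_xml.write_text('<Connector keystoreFile="k.jks" keystorePass="changeit"/>\n')
    os.chmod(server_xml, 0o644)
    keystore = conf / "k.jks"
    keystore.write_bytes(b"constructed, not a real keystore")
    os.chmod(keystore, 0o600)
    return audit_tomcat_secrets(conf, keystore)

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run it against a real install as `audit_tomcat_secrets("/path/to/tomcat/conf", "/path/to/keystore")`; the keystore itself should come back clean only when its mode is owner-only.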
