Encrypting Web Forms

Wed, 21 Jul 1999 12:08:44 -0500 (CDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Holger Schurig, at 19:29 on Tue, 20 Jul 1999, wrote:

> > However, it isn't a good idea to sign the message because you must store

> > the secret key on a public maschine and/or store the passphrase somewhere

> > in the script. This is highly insecure.

> 

> Or you remove your passphrase from your secret ring ... which is even

> more insecure ...

One should have a key which is solely meant for use on that machine by
root-running scripts, with no password; the concept behind this is that
any signed messages are just as verifiable as secure as the root account
of the machine, and no more.  If root was broken into, then there could be
many more modifications.

- -- 
Frank Tobin		      "To learn what is good and what is to be
www.neverending.org/~ftobin    valued, those truths which cannot be
			       shaken or changed." Myst: The Book of Atrus
FreeBSD: The Power To Serve

PGPenvelope = GPG and PGP5 + Pine	    PGP:  4F86 3BBB A816 6F0A 340F
www.neverending.org/~ftobin/resources.html        6003 56FF D10A 260C 4FA3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.8 (FreeBSD)
Comment: PGPEnvelope - http://www.bigfoot.com/~ftobin/resources.html

iD8DBQE3lf8oVv/RCiYMT6MRAtEHAJ9ZG3DCLyf5i0+ixz72iEm7vjxuJACgsM0H
ckD4IyuXYw9uz2F1ZPXX4yI=
=DWE0
-----END PGP SIGNATURE-----