Encrypting Web Forms

Frank Tobin ftobin@uiuc.edu
Wed, 21 Jul 1999 12:08:44 -0500 (CDT)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Holger Schurig, at 19:29 on Tue, 20 Jul 1999, wrote:


> > However, it isn't a good idea to sign the message because you must store
> > the secret key on a public machine and/or store the passphrase somewhere
> > in the script. This is highly insecure.
>
> Or you remove your passphrase from your secret ring ... which is even
> more insecure ...

One should have a key which is solely meant for use on that machine by
root-running scripts, with no password; the concept behind this is that
any signed messages are just as verifiable as secure as the root account
of the machine, and no more. If root was broken into, then there could be
many more modifications.

- -- 
Frank Tobin
www.neverending.org/~ftobin
"To learn what is good and what is to be valued, those truths which
cannot be shaken or changed." Myst: The Book of Atrus
FreeBSD: The Power To Serve
PGPenvelope = GPG and PGP5 + Pine
www.neverending.org/~ftobin/resources.html
PGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.8 (FreeBSD)
Comment: PGPEnvelope - http://www.bigfoot.com/~ftobin/resources.html

iD8DBQE3lf8oVv/RCiYMT6MRAtEHAJ9ZG3DCLyf5i0+ixz72iEm7vjxuJACgsM0H
ckD4IyuXYw9uz2F1ZPXX4yI=
=DWE0
-----END PGP SIGNATURE-----