[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#298689: What do you gain?

Nick Phillips wrote:
> Using a passphrase on your ssl keys should mean that "someone" is unable
> to take them and use them elsewhere without your knowledge.

You do realise that anyone with root access on your machine while apache
is running can just yank the unencrypted key right out of apache's
memory space, right?  This is obviously true, since if apache didn't
keep either your key or your passphrase (which would amount to the same
thing) in memory at all times, it would have to ask you for your
passphrase on each incoming connection.

... Adam

Reply to: