Re: Concern for storage of payment gateway key
From: Todd Knarr (tknarr_at_silverglass.org)
Date: 07/22/04
- Next message: rockwell: "encrypt a message"
- Previous message: Bryon Bean: "Concern for storage of payment gateway key"
- In reply to: Bryon Bean: "Concern for storage of payment gateway key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Jul 2004 06:44:40 GMT
In comp.security.unix <CtydnaYQP4NITmPdRVn-rg@comcast.com> Bryon Bean <bryon_bean@msn.com> wrote:
> nobody-like user. My confusion is this; even if the file sits encrypted on
> another server, the passphrase to decrypt the file, and the login access to
> another server must still reside in the perl script that requires the key
> information. Can someone please give me a clue about best practices (and
I think your confusion is due to an error in what the CGI script requires.
It doesn't need to know the key contained in the file, it needs to know
whether the password given by the user matches what's stored in the file.
The usual method is to send either the password or a one-way hash of the
password from the CGI script to the other (authentication) server. The
authentication server then checks whether what the CGI script sent
matches the contents of the file and sends back a yes/no answer to the
CGI script. The authentication server needs read access to the file
containing the key, but the CGI script only needs the ability to make
a network connection to the authentication server.
--
All I want out of the Universe is 10 minutes with the source code and
a quick recompile.
-- unknown
- Next message: rockwell: "encrypt a message"
- Previous message: Bryon Bean: "Concern for storage of payment gateway key"
- In reply to: Bryon Bean: "Concern for storage of payment gateway key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
