[Gllug] Apache mod_ssl

[will]

Doug Winter wrote:
> generally in real life the password is kept in a text file on the same 
> machine, and then the password entering phase of server start up is 
> faked using, as someone else said, some crappy perl script.  that is no 
> more secure than no password at all, so it seems much simpler just to 
> remove the encryption completely.

So it is more secure as long as you don't keep the password in a text 
file on the same server then.  I would aggree, it is an unlikely attack 
on anything I am running.

Will.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug