Re: [cobalt-users] SSL ?

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

Jason Gottschalk wrote:

> Hello Jeff,

Hello, Jason... I'm replying to you directly as well as to the list, so
you'll get to read this before the list comes back up again on Monday,
since it's shutdown for the weekend.

> I have telnet turned off.  But in the interest of security, I suppose
> it should still be encrypted.

Definitely.  Do you have ssh?  Do you give anyone at all ssh access to
the box?  Anyone with ssh access could read the file, even if it's in a
password protected directory.

> How might I go about doing that?  I have a simple cgi that reads the
> form and writes it to disk.  Then I have a password protected html
> file that does a ssi to read in the data file.

Theoretically, I can tell you: you use gpg or pgp.  In practice... it's
something I've been trying to make work for quite a while <frown>.  Any
experts out there?

> So I guess my cgi needs to encrypt it, then I'll need another cgi to
> read it rather than just bringing it in through ssi.

The way I want to do it is quite simple:

Read the form and encrypt the data, and send an encrypted email, in real
time, as the form is sent (using https) to the server.

Then when you or your client gets the email, decrypt it locally again
with either gpg or pgp, and read it.

Never store it on the system at all, not even encrypted.

That's the safest way.

> Can perl encrypt it with out much trouble?

A perl script can call gpg or pgp.  Easily?  I'd say so, but I'm still
having trouble figuring it out <frown>.

Any helpers?

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";