Re: Questions about the HTTP Server and Keystore authority requirements for HTTPAPI

[Charles Wilt <charles.wilt@xxxxxxxxx>]

On Mon, Apr 16, 2012 at 11:28 AM, Scott Klement <sk@xxxxxxxxxxxxxxxx> wrote:
>
> --Granting ordinary users permission to run SSL applications
>
> The SSL key databases (certificate stores) contain the private keys as
> well as SSL certificates. Normally, a certificate file is publicly
> available, but a key is not.  It's perfectly acceptable (and normal) to
> send your certificate(s) to other sites, they can use them to check that
> you are who you claim to be, and when they send encrypted data to you,
> only you can read it (because you have the key, and nobody else does.)

So if we don't have any private keys in the keystore, allowing public
use would be fine...

Until we start adding them of course :)

>
> The risk in granting access to them is that the user who has been
> granted such access could potentially download the key file, and install
> it somewhere else to "impersonate" you.
>

Ok, makes sense.

> Adopted authority *never* works on IFS objects.
>

<smack> Yeah I knew that.  It's been a rough Monday...

Given that there will be a number of "regular" users running this app,
the profile swap APIs are probably our most straight forward solution.

Thanks Scott!

(as an aside...do you feel it'd be worthwhile to update the readme?)

Charles
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------