[WEB SECURITY] username & pw in clear-text through SSL considered safe?
Licky Lindsay
noontar at gmail.com
Mon Jun 16 17:41:53 EDT 2008
On Mon, Jun 16, 2008 at 3:56 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:
> Of course, the keys should be read only by root only (0400) and the
> directory they're in should be accessible only to root as well. (0700).
Would this require the web application to run as root?
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
More information about the websecurity
mailing list