View Single Post
  #3   (View Single Post)  
Old 10th August 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
Join Date: May 2008
Location: USofA
Posts: 1,546

I think you have a good point that the web server should never have access to the users private key. The only thing that worries me is module creators would have to learn to create the key pair, submit the public key, and defend the private key. I suppose though that manages the task well enough with SSH setups.

My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote