Emmanuel Dreyfus wrote:
> Michael Ströder <michael@stroeder.com> wrote:
>> Anyway either the private key has to be stored somewhere 1. in clear or 2. password-protected. 2. would require manual admin interaction during startup. (I don't know whether that's supported at all.)
> Sure, but it's not a shared secret.
Yes, but you won't gain much security compared to sending the password in clear over the wire (protected by an encrypted tunnel) and letting the server compare it to a hashed password. In both configurations you have to store the credentials in the client's configuration as clear-text.
Ciao, Michael.