[Twisted-Python] automating startup of twistd application.
Syver Enstad
syver-en at online.no
Fri Jan 2 18:00:07 EST 2004
Jp Calderone <exarkun at intarweb.us> writes:
> On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:
>> Because I want to do some automatic maintenace tasks I need to be
>> able to start and stop the daemon from a script. Unfortunately I
>> have little knowledge of Linux and the twistd daemon/application and
>> need some input on how to attack this problem.
> Requiring the passphrase to decrypt the SSL certificate is a measure
> of security. It makes it more difficult for attackers to trick your
> users into thinking the attacker is you, by rendering the
> certificate useless in the absense of the passphrase. If the
> passphrase is sitting in a plaintext file somewhere, waiting to be
> used by the script that restarts your daemon, this security is
> negated - attackers need now only read the script in addition to
> copying the certificate. If the passphrase is stored encrypted,
> then this could be avoided, but then you would have to type in a
> passphrase to decrypt that. Of course, you could store that
> passphrase in a file.... Hopefully you see where this is leading.
Yes, I think that I am throughly hosed anyway if someone gets access
to the filesystem on the machine in question.
> Hope this helps,
Yes, thanks. The security aspects of it is certainly interesting and
important. Where should I look to find out how to automate startup of
the twistd daemon so that it doesn't prompt for the root password?
--
Syver Enstad
More information about the Twisted-Python
mailing list