HTTPS securing passphrase for the .pfx file

[Joyson D'souza]

I am implementing a node backend server for a mobile application. The mobile app connects to the server using an HTTPS link. I have created a .pfx file for this link. The issue is that in the options I have to provide the passphrase in clear. This passphrase can be read by anyone who has access to the server. Is there anyway to secure this passphrase.

Regards,

Joyson.

[Francesco Cioffi]

Run your script with ad-hoc User without read permission for Others.

Thanks,
FC

[Joyson D'souza]

Hi,

I am really not sure what you mean by that. Basically I run the app using the command node main.js. Can you please give me an example of what you said.

Regards,

Joyson

[Francesco Cioffi]

If your care is that file with private data is accessible by anyone you can create another user and set read permission only for the new user. Then you access on server with it and, run the script with this user.

Il you are on Linux machine:

# adduser myprivateuser

# chown -R myprivateuser:myprivateuser dirwithfiles

# chmod -R 600 dirwithfiles

# chmod -R u+X dirwithfiles

Is it right?

Regards,

Francesco

Inviato da iPad

--
Job board: http://jobs.nodejs.org/
New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.
To post to this group, send email to nod...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/37dc1ab0-77ad-4f18-8952-b27b8adc8c1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.