Hi all!!! I'm developing a client-server application in which I wish to make the certificate database on the client side discreet... I'm skeptical of leaving the cert8.db, secmod.db, and key3.db accessible to all & sundry... Makes it vulnerable to getting hacked... I fully understand that the files are password protected but I still have my doubts regarding the password security... What if one could simply make copies of the files, modify the certutil.exe code to work as a brute force password cracker & LO!!!... I guess we can easily crack at least the ones having WEAK PASSWORDS...
So could anybody suggest links to the certificate management mechanisms being used with Firefox, Thunderbird, OpenOffice (I believe that these use NSS, right?), etc. so that I may learn something from them? Are there any workarounds for the necessity of local certificate databases? Can I not perhaps allow the client to query a remote certificate database like we do for CRLs?

Warm Regards,
D3|\||\|!$