Archived

This forum has been archived. Please start a new discussion on GitHub.

IcePHP + IceSSL plugin

sportlane
sportlane
in Help Center
Hello,

I was wondering if there is a way (or plan) to make IcePHP extension to ask ssl private key password from the console when Apache web service starts up. We do not want to put the private key passwords into config file since it is a security risk. Currently, if I do not provide IceSSL.Password value apache process dies and writes these lines into Ice.StdErr:

*terminate called after throwing an instance of 'IceUtil::ThreadLockedException'
**what(): *N7IceUtil21ThreadLockedExceptionE

Mikael Suvi

Comments

  • mes
    mes California
    Hi Mikael,

    Unfortunately there is no simple way to do what you want.

    One approach would be to write an Ice plugin in C++ that supplies the password. The plugin would retrieve the IceSSL plugin and install a password callback object. The problem with this approach is that the plugin would not be initialized until the communicator is initialized, and in IcePHP that doesn't happen until the first PHP script is executed. This means it wouldn't be a good idea for your plugin to prompt the console for the password, since you don't know when the communicator will be initialized. Of course, your plugin could hard-code the password, which might be somewhat better than storing the password in a text file.

    We could consider modifying a future version of IcePHP to initialize its communicator immediately at startup, so that any plugins are executed during PHP's startup sequence. However, that doesn't guarantee that a plugin can interact directly with the console, as Apache may interfere with the standard file descriptors.

    Take care,
    - Mark
  • sportlane
    sportlane
    Thanks!

    Mikael Suvi

Categories