Handling password inputs and verification in config scripts so that special characters are allowed in passwords

To: debian-mentors@lists.debian.org
Cc: Christian BAC <Christian.Bac@it-sudparis.eu>
Subject: Handling password inputs and verification in config scripts so that special characters are allowed in passwords
From: Olivier Berger <olivier.berger@it-sudparis.eu>
Date: Mon, 28 Jul 2008 13:22:29 +0200
Message-id: <[🔎] 1217244149.17920.33.camel@hortense>

Hi.

Let's consider the following snippet from a package's config script :
	    db_beginblock
	     db_input critical "phpgroupware/header/password" || true
	     db_input critical "phpgroupware/header/password/confirm" || true
	    db_endblock
	    db_get "package/header/password"
	    password="$RET"
	    db_get "package/header/password/confirm"
	    confirm="$RET"
	    if [ "$password" != "$confirm" ] ; then

If I'm not mistaken, whenever a user inputs a password containing
characters like a double quote ("), the script may fail to properly
manage such a password.

Is there any good practice, doc or otherwise guidelines on how to deal
with such cases in debconf ?

Thanks in advance.

Best regards,

-- 
Olivier BERGER <olivier.berger@it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)

Reply to:

Follow-Ups:
- Re: Handling password inputs and verification in config scripts so that special characters are allowed in passwords
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: RFS: libenglab
Next by Date: RFS: disc-cover
Previous by thread: Re: RFS: wmnetselect (updated package, QA upload, RC bugfix)
Next by thread: Re: Handling password inputs and verification in config scripts so that special characters are allowed in passwords
Index(es):
- Date
- Thread