Re: sending password in the command line
On Thu, Dec 27, 2001 at 04:46:45PM +0100, David Flatz wrote:
> Pedro Zorzenon Neto said:
> > $ PASS="password" myprogram enable username IP
> > then "myprogram" will read the PASS from the environment.
> > is there anyway a regular user could capture passwords?
> yes it is "ps auxe"
> try getting the password via <stdin> like "mysql -p"
Thanks for you sugestion David,
As it is a Perl script that will call the program, I'll do in the Perl
code something like this:
$tmp=`umask 177; tempfile`;
print PASS $password;
`cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
will this be safe now?