[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sending password in the command line

On Thu, Dec 27, 2001 at 04:46:45PM +0100, David Flatz wrote:
> Pedro Zorzenon Neto said:
> >       $ PASS="password" myprogram enable username IP
> > 
> >     then "myprogram" will read the PASS from the environment.
> >     is there anyway a regular user could capture passwords?
> yes it is "ps auxe"
> try getting the password via <stdin> like "mysql -p"

Thanks for you sugestion David,

  As it is a Perl script that will call the program, I'll do in the Perl
  code something like this:

  $tmp=`umask 177; tempfile`;
  fopen (PASS,">$tmp");
  print PASS $password;
  fclose PASS;
  `cat $tmp | myprogram enable $user $ip; rm -f $tmp`;

  will this be safe now?


Reply to: