[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sending password in the command line



On Thu, Dec 27, 2001 at 05:22:03PM +0100, David Flatz wrote:
> Pedro Zorzenon Neto said:
> > Thanks for you sugestion David,
> > 
> >   As it is a Perl script that will call the program, I'll do in the Perl
> >   code something like this:
> > 
> >   $tmp=`umask 177; tempfile`;
> >   fopen (PASS,">$tmp");
> >   print PASS $password;
> >   fclose PASS;
> >   `cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
> > 
> >   will this be safe now?
> 
> why don't you just do
> 
> #!/usr/bin/perl
> print('enter pass: ');
> $tmp = <>;
> system('myprogram enable $user $tmp $ip');
> 
> david flatz
> 

Because that doesn't solve the original problem of the password being
visible on the command line. The environment and the stdin were two
suggested ways of passing the password.

I think the first bit of code would work but why not use pipe opens in
perl? ie.

open(PASS, "|myprogram enable $user $ip);
write PASS "PASSWORD";

-- 
Benjamin Smith <bsmith@vtrl.co.uk, benjaminsmith86@yahoo.co.uk>

Attachment: pgpzbmf8XAdGz.pgp
Description: PGP signature


Reply to: