[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] proposal : ~/.authinfo

From: Matthieu Moy
Subject: Re: [Gnu-arch-users] proposal : ~/.authinfo
Date: Thu, 11 Mar 2004 09:23:08 +0100
User-agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)

Tom Lord <address@hidden> writes:

> and then you can register an archive with something like:
>     tla register-archive $ARCHIVENAME http://%s:address@hidden/$PATH

Hmm,  actually, this  is not  a really  good idea  : Passwords  on the
command line should really be avoided as much as possible :

* while the command  is being ran, any other user  on the same machine
  can get the arguments with a simple "ps u"

* After running the command, it is often archived in a ~/.bash_history
  or  ~/.history, which  is not  necessarily read-protected  for other
  users, ... 

So, we would just offer the user a potential security hole ... :-(

A better option would be to  offer the user to keep his password after
entering it with getpass().


reply via email to

[Prev in Thread] Current Thread [Next in Thread]