On Thu, Dec 27, 2001 at 05:22:03PM +0100, David Flatz wrote:
> Pedro Zorzenon Neto said:
> > Thanks for you sugestion David,
> >
> > As it is a Perl script that will call the program, I'll do in the Perl
> > code something like this:
> >
> > $tmp=`umask 177; tempfile`;
> > fopen (PASS,">$tmp");
> > print PASS $password;
> > fclose PASS;
> > `cat $tmp | myprogram enable $user $ip; rm -f $tmp`;
> >
> > will this be safe now?
>
> why don't you just do
>
> #!/usr/bin/perl
> print('enter pass: ');
> $tmp = <>;
> system('myprogram enable $user $tmp $ip');
>
> david flatz
> Because that doesn't solve the original problem of the password being visible on the command line. The environment and the stdin were two suggested ways of passing the password. I think the first bit of code would work but why not use pipe opens in perl? ie. open(PASS, "|myprogram enable $user $ip); write PASS "PASSWORD"; -- Benjamin Smith <[EMAIL PROTECTED], [EMAIL PROTECTED]>
pgpNjYxGOIMor.pgp
Description: PGP signature
