On Sat, Aug 21, 1999 at 07:26:41PM -0500, John Hasler wrote:
> Justin Wells writes:
> > A good middle ground might be to read the password from an environment
> > variable.
I did mention in my message that it's a security problem, but I also
don't think it's a big issue on a home machine, where ppp is likely
to be installed. I'm also not suggesting that people should set some
kind of password in their .profile either; and note that if it appears
in any shell script, then yes it's in an environment variable.
What I was suggesting, in response to the need for dynamic password
setting, is that if the pon script looked for the password in an
environment variable it would be trivial to write a wrapper script
to query the user for it.
It would live in the environment variable only as a way of passing it
from one script to another, not as a method for keeping it in the
users environment.
I don't see how you're going to query for a dynamic password without
it winding up in an environment variable, unless you write the whole
wrapper in C.
Justin
>
> Never ever put a password in an environment variable.
>
> > Then I could write the script that sets the environment variable and
> > calls your script
>
> What script are you referring to? pppconfig sets up provider files and
> chatscripts and edits the secrets files but does nothing at run time. pon
> is just '/usr/sbin/pppd call ${1:-provider}'. The way I would support
> dynamic passwords is by having pppconfig generate a script and call it from
> the connect line in the provider file instead of chat.
>
> > Of course there is a security consideration here, but on a home machine
> > it's unlikely to be a big issue.
>
> Never ever put a password in an environment variable.
> --
> John Hasler
> [EMAIL PROTECTED] (John Hasler)
> Dancing Horse Hill
> Elmwood, WI
>
>
> --
> Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
>
