On Wed, May 17, 2000 at 10:25:19PM -0400, David Z Maze wrote: > Eric G Miller <egm2@jps.net> writes: > EGM> On Thu, May 18, 2000 at 12:57:18AM +0800, [EMAIL PROTECTED] wrote: > >> But for example,what if I want to write a shell script which will login > >> to the remote server automatically?e.g..for some cgi...etc... <snip> > None of the "run a program which runs a program with the password as a > command-line argument" schemes will work, because the subprogram will > have the password as a command-line argument. It's worth noting that > the environment is similarly insecure, since (BSD) ps's "e" switch > (not the SysV "-e" switch) will display programs' environments.
Isn't this the purpose of ~/.netrc ? > If what you're trying to do is be lazy and not give your password to > the mail server when you're incing your POP mail, this is probably a > Bad Idea (TM), and you probably really want to go ahead and type your > password. (Though there are other issues with this, most notably > those involving trust of the mail server and packet sniffers on the > network.) Admittedly, using .netrc doesn't solve the problem of sending the password in clear-text to the POP server (neither does retyping it on the command-line) but at least it keeps the password from showing up on the output of a "ps" (at least on my slink system, YMMV). -- David Karlin [EMAIL PROTECTED] Powered by Debian GNU/Linux
