[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] proposal : ~/.authinfo
|
From: |
Matthieu Moy |
|
Subject: |
Re: [Gnu-arch-users] proposal : ~/.authinfo |
|
Date: |
Thu, 11 Mar 2004 09:23:08 +0100 |
|
User-agent: |
Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux) |
Tom Lord <address@hidden> writes:
> and then you can register an archive with something like:
>
>
> tla register-archive $ARCHIVENAME http://%s:address@hidden/$PATH
Hmm, actually, this is not a really good idea : Passwords on the
command line should really be avoided as much as possible :
* while the command is being ran, any other user on the same machine
can get the arguments with a simple "ps u"
* After running the command, it is often archived in a ~/.bash_history
or ~/.history, which is not necessarily read-protected for other
users, ...
So, we would just offer the user a potential security hole ... :-(
A better option would be to offer the user to keep his password after
entering it with getpass().
--
Matthieu
- [Gnu-arch-users] move to new archive?, Neal D. Becker, 2004/03/02
- Re: [Gnu-arch-users] move to new archive?, Tom Lord, 2004/03/03
- Re: [Gnu-arch-users] move to new archive?, Tom Lord, 2004/03/03
- Re: [Gnu-arch-users] move to new archive?, Jean Helou, 2004/03/04
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Tom Lord, 2004/03/11
- Re: [Gnu-arch-users] proposal : ~/.authinfo,
Matthieu Moy <=
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Tom Lord, 2004/03/13
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Matthieu Moy, 2004/03/13
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Tom Lord, 2004/03/12
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Matthieu Moy, 2004/03/12
- Re: [Gnu-arch-users] proposal : ~/.authinfo, Jason McCarty, 2004/03/13
Re: [Gnu-arch-users] move to new archive?, Charles Duffy, 2004/03/05