in reply to How about a module for "passwords"?

my $password = $ARGV[0]; has been working fine in my password-sensitive scripts for ages.

Cheers,
ibanix

$ echo '$0 & $0 &' > foo; chmod a+x foo; foo;

Replies are listed 'Best First'.
Re: Re: How about a module for "passwords"?
by grantm (Parson) on Jan 25, 2003 at 10:43 UTC
    my $password = $ARGV[0]; has been working fine in my password-sensitive scripts for ages.

    The smiley appears to be missing from the end of that line :-)

    For those who are thinking of following this advice, be aware that having your script accept the password as a command line argument means that the plaintext password will be visible to anyone looking over your shoulder, anyone who can run the ps command, anyone who can read your shell's command history file etc, etc, etc.

[reply]
[d/l]
Re: Re: How about a module for "passwords"?
by ibanix (Hermit) on Jan 25, 2003 at 10:10 UTC
    I just had to add:

    protected media or non-file storage of some kind, prompt the user via low-Tempest GUI with integrated keyboard-logging spoofing

    If you need this level of security or have assests worthy of this type of costly attack, you should be investing in anti-surveilence equipment. Fit the security to the risk.

    ibanix

    $ echo '$0 & $0 &' > foo; chmod a+x foo; foo;
[reply]
[d/l]
      I just wanted to show an extreme "serious security" example.

      And that's what NAI's PGP for Windows does, BTW.

[reply]

In Section Meditations