Re: hiding passwords

Hmmm... If you imediately write garbage to the $password variable just after it is used and before it goes out of scope, I don't see how anyone can recover it from a core dump.

Really, I can't see that as a large security risk anyway. I would be more concerned that someone untrusted had physical access to my machine in general. If a serious cracker has physical access to the machine, he ownz it.

Comment on Re: hiding passwords

Replies are listed 'Best First'.
Re^2: hiding passwords by jfroebe (Parson) on Jun 14, 2005 at 16:13 UTC
Writing garbage to the $password variable would allow for a one time login to a remote machine. I'm not even sure that there is an answer to this. The closest we've been able to figure out is to use ssh-agent prior to running the script which would allow for logins to a server that has the login by key enabled. Not all machines do for some reason here. I guess I was just hoping that someone had thought of some thing I hadn't already thought of. Jason L. Froebe Team Sybase member No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1	[reply]

Replies are listed 'Best First'.

Re^2: hiding passwords
by jfroebe (Parson) on Jun 14, 2005 at 16:13 UTC

Writing garbage to the $password variable would allow for a one time login to a remote machine.

I'm not even sure that there is an answer to this. The closest we've been able to figure out is to use ssh-agent prior to running the script which would allow for logins to a server that has the login by key enabled. Not all machines do for some reason here.

I guess I was just hoping that someone had thought of some thing I hadn't already thought of.

Jason L. Froebe

Team Sybase member

No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1

[reply]