in reply to Question of safe data passing...

Only truly safe way:
  1. Print the http request headers to a log file.
  2. Tell the user to wait.
  3. You, sitting at console, read the log file.
  4. You, write the request to the server which prompts you for the username and password (which you type in).
  5. The server hands back the results in a log file.
  6. You cat back the results to the end user.
Fairly straight forward. Very secure.
Possible problems:
  1. Your hits per second will suck (until you get really fast).
  2. This is still susceptible to you being kidnapped and tortured for the password that is only in your head.
  3. Even if you are not kidnapped and beaten, you will die from exhaustion only hours after you IPO.
There might be another way, but to do it without suid... I'd love to see it (and use it).

my @a=qw(random brilliant braindead); print $a[rand(@a)];

Replies are listed 'Best First'.
Re: Re: Question of safe data passing...
by frankus (Priest) on Apr 27, 2001 at 18:19 UTC

    Please, could you put a large flashing sign saying this is not a practical solution, just in case one of our point-haired managers sees it.

    I say this after jokingly saying backups would be a lot faster if performed on /dev/null rather than /dev/rmt0 .

    Yours last backed up in December 2001

    Brother Frankus.

[reply]
      What do you mean it's not practical? {grin}

      my @a=qw(random brilliant braindead); print $a[rand(@a)];
[reply]

In Section Seekers of Perl Wisdom