Re: [htdig] setting uname/pword from config file?


Andrew Scherpbier (andrews@contigo.com)
Sun, 04 Jul 1999 16:20:23 -0700


Darrell Berry wrote:
>
> the -u option on htdig seems a security hole...as these command line
> options can be exposed by crafty ps options (correct?)...but they dont
> sem settable in the config file, unless i'm simply not seeing it...
>
> can these be added, if i'm correct, or can u point me at the approproate
> directives?
>
> thnx

Well, the point of not allowing the username/password to be set in the
configuration file was for security reasons; files could be read by other
users and it is all too easy to forget to properly protect the configuration
files. I think the command line arguments should probably be cleared out
when the process starts, to prevent "ps snooping".

Just my $0.02

-- 
Andrew Scherpbier <andrews@contigo.com>
Contigo Software <http://www.contigo.com/>
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
htdig@htdig.org containing the single word "unsubscribe" in
the SUBJECT of the message.



This archive was generated by hypermail 2.0b3 on Sun Jul 04 1999 - 15:41:39 PDT