Frank Guangxin Liu (email@example.com)
Wed, 14 Jul 1999 10:44:44 -0500 (EST)
I have some ideas about this username/password thing.
We can put that information in a separate file (only
readable to root, or whoever runs the "htdig" task).

The password file can have three columns,

siteURL username password

Multiple lines are allowed so that "htdig" can dig different
sites (URL) with different username/password. This is an improvement
over the old htdig where only ONE username/password can be

We can also make a special entry for "siteURL" column, say,
a dash "-", or a word "default", which means that this line
(username/password) will be used if no matching siteURL entry
can be found for a site that requires authentication.

We can even modify the -u option to "htdig". If this option
has : in it (say username:pass), use the old way, otherwise,
treat it as the filename of the password file. If it has a
leading /, treat it as an absolute filename, otherwise, a
filename relative to CONFIG_DIR

Andrew Scherpbier wrote
>Darrell Berry wrote:
>> the -u option on htdig seems a security hole...as these command line
>> options can be exposed by crafty ps options (correct?)...but they don't
>> seem settable in the config file, unless I'm simply not seeing it...
>> can these be added, if i'm correct, or can u point me at the
>Well, the point of not allowing the username/password to be set in the
> configuration file was for security reasons; files could be read by
> users and it is all too easy to forget to properly protect the
> files. I think the command line arguments should probably be cleared out
> when the process starts, to prevent "ps snooping".
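
A sketch of the password-file scheme proposed in this message, as an added example that is not part of the original post or of the htdig source. The function names, the exact-match lookup on siteURL, and the owner/mode check are assumptions made for illustration.

```cpp
// Added example (not htdig code): password file "siteURL username password".
#include <sys/stat.h>
#include <unistd.h>
#include <fstream>
#include <map>
#include <sstream>
#include <string>

struct Cred { std::string user, pass; };
using Table = std::map<std::string, Cred>;

// -u as proposed: ':' = old inline "user:pass" (returns ""), leading '/' = absolute.
std::string resolve_u_option(const std::string& arg, const std::string& config_dir) {
    if (arg.find(':') != std::string::npos) return "";
    if (!arg.empty() && arg[0] == '/') return arg;
    return config_dir + "/" + arg;  // relative to CONFIG_DIR
}

// True only for a regular file owned by the running user, no group/other bits.
bool is_private(const std::string& path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0 || !S_ISREG(st.st_mode)) return false;
    return st.st_uid == geteuid() && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

// "-" and "default" both name the fallback entry; short lines are skipped.
Table parse_passwords(std::istream& in) {
    Table table;
    std::string line, site, user, pass;
    while (std::getline(in, line)) {
        std::istringstream fields(line);
        if (!(fields >> site >> user >> pass)) continue;
        table[site == "-" ? "default" : site] = Cred{user, pass};
    }
    return table;
}

// A file that fails the privacy check yields an empty table.
Table load_password_file(const std::string& path) {
    std::ifstream in(path);
    return is_private(path) ? parse_passwords(in) : Table();
}

// Exact-match lookup (assumption), falling back to the default entry.
bool lookup(const Table& t, const std::string& site, Cred& out) {
    auto it = t.find(site);
    if (it == t.end()) it = t.find("default");
    if (it != t.end()) out = it->second;
    return it != t.end();
}
```

The check in `is_private` runs on the path, so a stricter version would open the file first and call `fstat` on the descriptor to avoid a race between the check and the read.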
This archive was generated by hypermail 2.0b3 on Wed Jul 14 1999 - 08:06:33 PDT