[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Basic Authentication for web pages

From: "Hossein S. Zadeh" <hossein bf rmit edu au>
To: pam-list redhat com
Cc: Me <wes smellycat com>
Subject: Re: Basic Authentication for web pages
Date: Thu, 4 Feb 1999 13:51:23 +1100 (EST)

On Wed, 3 Feb 1999, Scott Nelson wrote:

> Careful:  You are passing the password as part of a command line, and
> command lines are visible to the world!  Instead of using an echo command,
> you should open a pipe to the nwauth command and write the password down the
> pipe.  Not knowing php, you are on your own <g>!
> 
> >////////////////////////////////
> >function nwauth ($nwserver, $user, $pass) {
> >  $command=sprintf("echo \"%s\" | nwauth -S %s -U %s",  // parsing the
                       ^^^^^^^^^^^^^^^^^^^^^

This exactly does what you said it should do, not what you thought it
does! I.e. it opens a pipe to nwauth and "echo"s the password to nwauth's
stdin. In the code above, nwauth does not receive the password as its
command line argument; infact it doesn't even accept password in its
command line even if one tries to do so.

Am I missing something?

References:
- Re: Basic Authentication for web pages
  - From: "Scott Nelson" <sbnelson@thermeon.com>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []