httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dave madden <...@paradigm.webvision.com>
Subject Re: could someone update the mod_auth_external.c with the new one
Date Sun, 04 Aug 1996 20:54:10 GMT
 =>From: Nathan Neulinger <nneul@umr.edu>
 =>...
 =>On a side note, I would like to be able to pipe the authentication data
 =>into the external routine, but I don't see any clean way to do that in the
 =>code. The reason is, uising environment variables works great for some
 =>architectures, but is as insecure as using the command line for others
 =>(i.e. sys v based where you can list environment in ps command.)
 =>
 =>Would it be better to use a pipe or to write the authentication data out to
 =>a temporary file, and pass the temporary file on the command line, then
 =>remove the file when done? This actually might work better on all
 =>architectures, but it means more i/o.

Why is the authentication data sensitive?  Certainly, the password or
whatever you use to authenticate should be protected, but all an
external program needs to know is whom the auth module believes the
user to be.  (In case it's not clear, I'm saying "pass the user
identification, but not the password, in the environment.")

Using a pipe, or writing the auth data to a file that the external
program must somehow read, introduces unnecessary complexity.

d.

Mime
View raw message