httpd-dev mailing list archives

From Doug MacEachern <do...@opengroup.org>
Subject Re: dbmmanage overhaul
Date Mon, 28 Jul 1997 12:32:29 GMT
Marc Slemko <marcs@worldgate.com> wrote:

> On Sun, 27 Jul 1997, Doug MacEachern wrote:
> 
> > So what should I do with this?  If it were to replace dbmmanage.new, it
> > does everything it does now, plus:
> > 
> > -tie to AnyDBM_File which will use one of DB_File, NDBM_File or
> >  GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)
> 
> Does this work fine on systems that don't have all of them around?

Yes, they just need to have one of them.

> > 
> > -provide much better seed for rand
> > 
> > -add `check' command to check a user's password
> 
> Don't like.  Passwords cleartext on command line bad.  Yea, yea, yea...
> dbmmanage has done it since the beginning of time and will forever more,
> but I would like to see a move away from it.  You may consider it a
> trivial risk, but it can be very significant if someone finds a way to
> block reads on the dbm with a lock or something so they can check a ps
> output.
> 
> What, you mean this isn't Netware where anyone can put a lock on a
> read-only file that will prevent everyone else from logging in?  <g>
> 
> I figure that since we have someone silly enough to do something with
> a bit of code, perhaps we can trick them into doing a lot more
> than they intended... <g>

I agree, shall I turn off echo and prompt?  Or can the password still
be hijacked?

-Doug
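
The approach raised in this message (prompt for the password with terminal echo turned off, so it never appears in argv or `ps` output), as an added example that is not part of the original message or of dbmmanage itself. The `prompt_password` helper and the constructed stored hash are assumptions for illustration; it assumes a POSIX terminal and a platform crypt() that accepts a traditional two-character salt.

```perl
#!/usr/bin/perl
# Added example: read the password from the controlling terminal with echo
# disabled instead of taking it as a command-line argument.
use strict;
use warnings;
use POSIX qw(:termios_h);

# Hypothetical helper: prompt on stderr, read one line from /dev/tty, no echo.
sub prompt_password {
    my ($prompt) = @_;
    open(my $tty, '<', '/dev/tty') or die "cannot open /dev/tty: $!\n";
    my $fd   = fileno($tty);
    my $term = POSIX::Termios->new;
    defined $term->getattr($fd) or die "tcgetattr failed: $!\n";
    my $saved = $term->getlflag;

    # Put the terminal back the way we found it, even on Ctrl-C.
    my $restore = sub {
        $term->setlflag($saved);
        $term->setattr($fd, TCSANOW);
    };
    local $SIG{INT} = sub { $restore->(); print STDERR "\n"; exit 1 };

    $term->setlflag($saved & ~ECHO());
    defined $term->setattr($fd, TCSANOW) or die "tcsetattr failed: $!\n";

    print STDERR $prompt;            # STDERR is unbuffered by default
    my $line = <$tty>;
    $restore->();
    print STDERR "\n";
    close($tty);

    die "no password entered\n" unless defined $line;
    chomp $line;
    return $line;
}

# Constructed stand-in for the hash that would be fetched from the DBM file.
my $stored = crypt('example-only', 'ab');
defined $stored or die "crypt() does not support this salt format here\n";

my $typed  = prompt_password('Password: ');
my $hashed = crypt($typed, $stored);   # stored hash doubles as the salt
print defined $hashed && $hashed eq $stored
    ? "password ok\n" : "password mismatch\n";
```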


