httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug MacEachern <do...@opengroup.org>
Subject Re: dbmmanage overhaul
Date Tue, 29 Jul 1997 00:02:24 GMT
Ed Korthof <ed@organic.com> wrote:

> On Mon, 28 Jul 1997, Marc Slemko wrote:
> 
> > On Mon, 28 Jul 1997, Doug MacEachern wrote:
> > > I agree, shall I turn off echo and prompt?  Or can the password still
> > > be hijacked?
> > 
> > Check out what htpasswd does.  Unfortunately, I'm not aware of a getpass()
> > for perl.
> 
> I'm not aware of a getpass(), but the following works, at least to prevent
> an echo and on Solaris and IRIX (and probably UNIX in general, though
> probably not on Win32).  First, make sure to turn off buffering...
> 
> ----------
> system("stty raw; stty -echo");
> 
> my ($c,$password);

  open STDIN, "/dev/tty";

> while ($c = getc(STDIN) and $c ne "\n" and $c ne "\r") {
>     $password .= $c;
> }
> 
> system("stty sane");
> sleep(1);
> ----------
> (the sleep 1 may be paranoid, but it seems to help avoid problems)

Looks good on hpux too, plus reading from /dev/tty as getpass() does.
The question is portabilty?  If some people could try the snippet
below, please point out any problems if you see them.  What to do for
win32, I don't know yet.

-Doug


my $Is_Win32 = $^O eq "MSWin32"; 

sub getpass {
    my $prompt = shift || "Enter password:";

    unless($Is_Win32) { 
	open STDIN, "/dev/tty" or warn "couldn't open /dev/tty $!\n";
	system "stty raw; stty -echo;";
    }

    print STDERR $prompt;
    while ($c = getc(STDIN) and $c ne "\n" and $c ne "\r") {
	$password .= $c;
    }

    unless($Is_Win32) {
	system("stty sane");
	sleep(1);
    }
    return $password;
}

my $p = getpass;
print "\nYou entered: `$p'\n";

Mime
View raw message