httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: dbmmanage overhaul
Date Mon, 28 Jul 1997 06:30:20 GMT
On Sun, 27 Jul 1997, Doug MacEachern wrote:

> So what should I do with this?  If it were to replace dbmmange.new, it
> does everything it does now, plus:
> 
> -tie to AnyDBM_File which will use one of DB_File, NDBM_File or
>  GDBM_File (-ldb, -lndbm, -lgdbm) (trying each in that order)

Does this work fine on systems that don't have all of them around?

> 
> -provide much better seed for rand
> 
> -add `check' command to check a users' password

Don't like.  Passwords cleartext on command line bad.  Yea, yea, yea...
dbmmanage has done it since the beginning of time and will forever more,
but I would like to see a move away from it.  You may consider it a
trivial risk, but it can be very significant if someone finds a way to
block reads on the dbm with a lock or something so they can check a ps
output.

What, you mean this isn't Netware where anyone can put a lock on a
read-only file that will prevent everyone else from logging in?  <g>

I figure that since we have someone silly enough to do something with
a bit of code, perhaps we can trick them into doing a lot more
than they intended... <g>

I think you keep posting it here until the magic of voting starts.  You
need to know the right magic words to make it start.  I have no idea what
they are.

You can colour me a +1 on the idea of replacing dbmmanage and/or
dbmmanage.new, but haven't had time to look at the implementation yet.


Mime
View raw message