httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Passing passwords to CGI
Date Wed, 04 Aug 1999 13:55:20 GMT

On Wed, 4 Aug 1999, Graham Leggett wrote:

> > IMHO Your POST is just a work around the fact that you have to re-compile.
> 
> True, yes, but also to prevent passwords being picked up by ps -e by
> people on the box.

I fear that by the time you allow something spawned from apache to get at
the password, be it by and env() variable, or on the STDIN, in either case
you have already a hole so big that you _have_ to trust esentially all
users which can enter commands. 

I just think that the problem it is not worth such a hacky trick; a normal
directive is about as far as I would go.

Dw


Mime
View raw message