Re: [dev] [ii] exposed password on process monitoring

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Truls Becken <truls.becken_AT_gmail.com>
Date: Thu, 19 Apr 2012 18:34:02 +0200

On 2012-04-19, at 17:54, Ivan Kanakarakis wrote:

> I guess some possible workarounds would be
> - reading the passwd from an environmental var (is that any safer?)
> - reading the passwd from a file (overkill ?)
> - ?
>
> what do you people think ?
> should this be 'fixed' in ii ?

$ ii &
$ cat ~/irc/freenode_login_script > ~/irc/irc.freenode.net/in

No need for the program to implement password support at all really.
Perhaps ii would suck less if this was just removed?

>> Mind, the password is sent in the clear, so anyone on the same network
>> segment, or otherwise in the way, can read it anyhow.
>
> true, does the ssl patch provide any encryption for that ?

Yes.

-Truls
Received on Thu Apr 19 2012 - 18:34:02 CEST

This archive was generated by hypermail 2.3.0 : Thu Apr 19 2012 - 18:36:06 CEST