Re: [dev] [ii] exposed password on process monitoring

From: Ivan Kanakarakis <ivan.kanak_AT_gmail.com>
Date: Fri, 20 Apr 2012 02:50:17 +0300

On 20 April 2012 02:24, Connor Lane Smith <cls_AT_lubutu.com> wrote:

> On 19 April 2012 23:51, Connor Lane Smith <cls_AT_lubutu.com> wrote:
> > In my opinion the -h flag
> > should be made mandatory, with no default host.
>
> Sorry, it's -h in sic, -s in ii (which is confusing, too.)
>
> On 20 April 2012 00:19, Nico Golde <nico_AT_ngolde.de> wrote:
> > I don't really like putting that in a file.
>
> Well, in bash you could just 'ii -k <<< pass'.
>
> > I'm more in favor of something simpler as the following currently:
>
> > If if you don't want to leak your password use the environment variable
> and not -k then...
>
> Why didn't I think of that? I'd rather something like $IIPASS (which
> better describes its function), but other than that I totally support
> this approach.
>
>
I would like IRCPASS even more, which would make
the var unrelated to the app, thus also usable in eg. sic.

however if one wants to connect to more than one server
and has a different password for that other server then
the env var doesn't help, scriptwise talking.
ofcourse one can reset the var and invoke the new ii isntance,
but if you're doing that in a script and you don't want to be
including the passwd within the script then this cant work.

well, what I have in mind with that ^ is something like:
  $ IRCPASS="fooo" connect.sh
and connect.sh fires up two ii instances to connect to
two different server which need a different password.

I think a nice thing to do that would also resolve the
naming choice would be to have -k or some other argument
mean that ii should read the -k flag as an env var. so
  $ ii -k IRCPASS
would getenv("IRCPASS"), and
  $ ii -k OFTCPASS
would getenv("OFTCPASS")
etc

so now the hypothetical connect.sh script
can be invoke as:
  $ OFTCPASS="fooo" FRNDPASS="baaar" connect.sh
and connect.sh knows that
  % if [ "$server" = "freenode" ]; then passwd=FRNDPASS
  % elif [ "$server" = "oftc" ];then passwd=OFTCPASS
  % fi
  % ii -k "$passwd"
or something along that

I think it's flexible :D
surely there are workaround to the above "problem"
but just making an alternative though here


Thanks,
> cls
>
>


-- 
*Ivan c00kiemon5ter V Kanakarakis*  >:3
Received on Fri Apr 20 2012 - 01:50:17 CEST

This archive was generated by hypermail 2.3.0 : Fri Apr 20 2012 - 02:00:16 CEST