passwordless saceserver? (for scripted access)

Tim Cutts timc at chiark.greenend.org.uk
Wed Sep 5 03:23:31 EST 2001


In article <3B93A5D3.AA782B22 at sanger.ac.uk>,
Ed Griffiths  <edgrif at sanger.ac.uk> wrote:
>happy to add code to saceclient to allow the userid/passwd to be specified on
>the command line using  "-userid your_userid -passwd  your_passwd". I saw Tims
>fix to the code which I will check and add to our source code, but I think the
>command line options is a cleaner solution.

It's insecure that way; the complete command line (including userid and
password) is then visible to any user on the system using ps.  It's far
preferable from a security point of view to be able to supply the user
ID and/or password on standard input.

Of course, if you add the command line options and my patch, users have
the choice to use either method (which is what, for example, the isql
client for Sybase does).

Tim.

-- 
"It is the job of Sales and Marketing to insulate those who know what
they're talking about from each other"
  -- I know who said this, but I'm not telling.





More information about the Acedb mailing list