passwordless saceserver? (for scripted access)

Tim Cutts timc at chiark.greenend.org.uk
Wed Sep 5 08:17:37 EST 2001


In article <3B95E76D.A2FDD99F at sanger.ac.uk>,
Ed Griffiths  <edgrif at sanger.ac.uk> wrote:
>
>Your patch is in the code.

Coo, fame at last.  :-)

>An alternative would be for the saceclient to accept the userid and hashed
>userid/passwd as command line arguments, this way only encrypted stuff would
>appear on the command line. I already supply a utility to do the hashing and I
>could make this more friendly as required. That way scripts that use saceclient
>via a pipe could just use my utility to create the hash and bobs your uncle.

While that stops someone knowing the unhashed password, they still can
use ps to get a command line which will gain them access, so it doesn't
gain much.  Or am I missing something?

Tim.

-- 
"It is the job of Sales and Marketing to insulate those who know what
they're talking about from each other"
  -- I know who said this, but I'm not telling.





More information about the Acedb mailing list