passwordless saceserver? (for scripted access)

Ed Griffiths edgrif at sanger.ac.uk
Mon Sep 10 03:17:26 EST 2001


Tim,

> While that stops someone knowing the unhashed password, they still can
> use ps to get a command line which will gain them access, so it doesn't
> gain much.  Or am I missing something?

I'm being a twit, you are right of course.

The only safe way is for the script driving the client to supply the password
when prompted. I'm happy to leave in the command line options for those that
want them but if this happens I'll document that this is a security hole.

Your fix is in the code now so it is possible to supply the userid/passwd from
the script when prompted.

Anyone else have any thoughts ??


cheers Ed

 ------------------------------------------------------------------------
| Ed Griffiths, Acedb development, Informatics Group,                    |
|               The Sanger Centre, Wellcome Trust Genome Campus,         |
|               Hinxton, Cambridge CB10 1SA, UK                          |
|                                                                        |
| email: edgrif at sanger.ac.uk  Tel: +44-1223-494780  Fax: +44-1223-494919 |
 ------------------------------------------------------------------------





More information about the Acedb mailing list