On Wed, Feb 23, 2011 at 03:43, Marc-André Moreau
<marcandre.mor...@gmail.com> wrote:
...
> Passing the password on the command line is an obvious security problem:
> awake@workstation:~/git/freerdp_integration> ps aux | grep xfreerdp
> awake    13005  0.7  0.0  48240  3784 pts/1    Sl+  22:39   0:00
> /home/awake/git/freerdp_integration/X11/.libs/xfreerdp -u Administrator -p
> Password123! -d AWAKECODING 192.168.1.150
> awake    13049  0.0  0.0   7668   808 pts/3    S+   22:39   0:00 grep
> xfreerdp
> In systems with multiple users, a simple "ps aux" can reveal the password in
> plaintext. I've heard that the original password could be overwritten, but
> this still has the drawback of not hiding the password length, and of still
> revealing the password in plaintext between the time the program is
> launched and the time the program overwrites the password.
> We can probably implement the feature of overwriting the original password,
> but maybe we should implement some mechanism to dynamically prompt the
> password in a secure manner. Any suggestions?

I think we need both.

To hide the password we can "mangle" the argv vector. HAL does it and smbclient too.

About dynamically asking, I think we can just ask the user and read it
into a buffer before connecting. Another feature that a user asked me for
is the possibility to read it from a file (that can be made readable
by the user only) and from a pipe.

-- 
Otavio Salvador                             O.S. Systems
E-mail: ota...@ossystems.com.br  http://www.ossystems.com.br
Mobile: +55 53 9981-7854              http://projetos.ossystems.com.br
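The three mechanisms discussed above (scrubbing the password out of argv after start-up, prompting for it without echo into a buffer before connecting, and reading it from a user-only-readable file or a pipe) as one added example in POSIX C. This is not FreeRDP code and not code from either poster; the function names (scrub_arg, read_secret_line, prompt_secret, secret_file_is_private) and the sample password line fed through a pipe are constructed for the example. The scrub keeps the thread's caveat visible in the comments: the argument slot keeps its size, so the length stays observable, and the secret was readable by "ps" until the scrub ran.

```c
/* Added example (not FreeRDP code): password handling without leaving the
 * secret on the command line. POSIX C; function names are the example's own. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <termios.h>
#include <unistd.h>

/* 1. Overwrite a command-line argument in place so /proc/<pid>/cmdline (what
 * "ps aux" reads) no longer contains it. A volatile pointer keeps the compiler
 * from eliding the "dead" stores. Caveat from the thread: the slot keeps its
 * size, so the length is still visible, and the secret was readable by other
 * users between exec() and this call. Returns the number of bytes scrubbed. */
size_t scrub_arg(char *arg)
{
    volatile char *p = (volatile char *)arg;
    size_t n = 0;
    while (p[n] != '\0') { p[n] = '\0'; n++; }
    return n;
}

/* 2. Read one line (the password) from fd, which may be a regular file or a
 * pipe, drop the trailing newline (and a CR before it), NUL-terminate. Reads a
 * byte at a time so nothing after the newline is consumed. Returns the length,
 * or -1 (with buf zeroed) on error, empty input, or input too long for buf. */
ssize_t read_secret_line(int fd, char *buf, size_t bufsz)
{
    size_t n = 0;
    for (;;) {
        char c;
        ssize_t r = read(fd, &c, 1);
        if (r < 0) { if (errno == EINTR) continue; goto fail; }
        if (r == 0 || c == '\n') break;
        if (n + 1 >= bufsz) goto fail;      /* refuse rather than truncate */
        buf[n++] = c;
    }
    if (n > 0 && buf[n - 1] == '\r') n--;
    buf[n] = '\0';
    if (n == 0) goto fail;
    return (ssize_t)n;
fail:
    memset(buf, 0, bufsz);
    return -1;
}

/* 3. Interactive prompt: if fd is a terminal, print the prompt to stderr and
 * disable echo while reading, restoring the settings afterwards. If fd is a
 * pipe or redirected file, just read the line, so one code path serves both. */
ssize_t prompt_secret(int fd, const char *prompt, char *buf, size_t bufsz)
{
    struct termios saved, noecho;
    int tty = isatty(fd);
    if (tty) {
        if (tcgetattr(fd, &saved) != 0) return -1;
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0) return -1;
        fputs(prompt, stderr);
        fflush(stderr);
    }
    ssize_t n = read_secret_line(fd, buf, bufsz);
    if (tty) { tcsetattr(fd, TCSAFLUSH, &saved); fputc('\n', stderr); }
    return n;
}

/* 4. The "file readable by the user only" option: accept a regular file or
 * FIFO that we own and that has no group/other permission bits. Returns 1/0. */
int secret_file_is_private(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode) && !S_ISFIFO(st.st_mode)) return 0;
    if (st.st_uid != getuid()) return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Self-checks on constructed input; each returns 1 on success. */
int demo_scrub(void)
{
    char fake_arg[] = "Password123!";            /* constructed stand-in for argv[i] */
    size_t len = scrub_arg(fake_arg);
    for (size_t i = 0; i < sizeof fake_arg; i++) if (fake_arg[i] != '\0') return 0;
    return len == 12;
}
int demo_pipe(void)
{
    int p[2]; char buf[64];
    const char line[] = "Password123!\n";        /* constructed pipe input */
    if (pipe(p) != 0) return 0;
    if (write(p[1], line, sizeof line - 1) != (ssize_t)(sizeof line - 1)) return 0;
    close(p[1]);
    ssize_t n = prompt_secret(p[0], "Password: ", buf, sizeof buf);
    close(p[0]);
    return n == 12 && strcmp(buf, "Password123!") == 0;
}
int demo_overlong(void)
{
    int p[2]; char buf[8];
    if (pipe(p) != 0) return 0;
    if (write(p[1], "toolongpassword\n", 16) != 16) return 0;
    close(p[1]);
    ssize_t n = read_secret_line(p[0], buf, sizeof buf);
    close(p[0]);
    return n == -1 && buf[0] == '\0';
}
int demo_file_perms(void)
{
    char path[] = "/tmp/pwXXXXXX";
    int fd = mkstemp(path);                       /* created mode 0600 */
    if (fd < 0) return 0;
    int private_ok = secret_file_is_private(fd);
    int after_chmod = fchmod(fd, 0644) == 0 ? secret_file_is_private(fd) : -1;
    close(fd); unlink(path);
    return private_ok == 1 && after_chmod == 0;
}

int main(void)
{
    printf("scrub %d pipe %d overlong %d perms %d\n",
           demo_scrub(), demo_pipe(), demo_overlong(), demo_file_perms());
    return 0;
}
```

In a real client the order matters: read the secret first (prompt, file or pipe) into a buffer that is zeroed after use, and if a -p argument was accepted at all, scrub it as the very first thing in main(); the window before that scrub is exactly the residual exposure the thread describes.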

_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
