On 02-02-06 14:29:52 CET, Robert Joop wrote: > On 02-02-06 13:13:29 CET, Sergey V. Udaltsov wrote: > > Hi all > > > > There is a little issue with the key password. I encountered that > > sometimes it is used as $pwd instead of "$pwd". So some "bad" characters > > like "#" are treated with some problems. I am not an expert in Perl so > > probably someone could say more on this problem - but the fact is that > > the system works incorrectly with "bad" passwords. Sorry, I like to > > include "#" in my passwords:) > > sorry, but i missed your "fact is that the system works incorrectly". > > it will probably be somewhere where 'system' is used with a string > instead of with an array, so that /bin/sh is let lose on the string, or > something similar. > > which version are you using?
i'm asking because the current code passes passwords through environment variables, not as command line arguments. another place where things can go wrong is on the way user - browser - httpd - CGI script, of course. can you be more specific, e.g. what password are you talking about, which function did you call (e.g. key generation on the CA)? rj _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users