I'd agree with Dave on this one. Just a simple long ps listing gets you the password if its on cleartext on the command line. At least the file can be locked down via permissions. A password on the command line is pretty much insecure. Might as well not have one.
Mike -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Melanie Sent: Thursday, September 03, 2009 10:02 PM To: [email protected] Subject: Re: [Opensim-dev] ConsoleClient -pass option It's choosing the lesser evil. Melanie Dave Coyle wrote: > On Thursday 03 September 2009 03:00:46 pm wrote: >> commit 6b70b5709913e9734f5864560e997b34dfd58b85 >> Author: Justin Clark-Casey (justincc) <[email protected]> >> Date: Thu Sep 3 20:00:18 2009 +0100 >> >> * Add extra warning about using -pass in >> OpenSim.ConsoleClient.ini.example >> >> <...> >> >> + ; Please be aware that this is not secure since the password is in the >> clear + ; we recommend the use of -pass wherever possible >> ;pass = secret > > > Is the password not also in the clear, visible to any local user who does a > 'ps', if you use the -pass switch? Access to OpenSim.ConsoleClient.ini can > at > least be restricted to specific user(s). I don't see how -pass is the lesser > of the two evils. > > -coyled > > > ------------------------------------------------------------------------ > > _______________________________________________ > Opensim-dev mailing list > [email protected] > https://lists.berlios.de/mailman/listinfo/opensim-dev _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev _______________________________________________ Opensim-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/opensim-dev
