Right. That gets around the issue. BTW, if the server is running SNMP or something that gives access to the process list this problem can leak outside the local machine. I don't know for sure but I'm guessing you could have the same issue in Windows with WMI.
IMO, the right answer is to dump the consoles, beef up the XML/RPC admin interface and if desired do a separate "console app" that parses and sends the XML/RPC to the server. I've been noodling on that but still struggling with a stable config with the new "BUST" architecture.

Mike

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dr Scofield
Sent: Friday, September 04, 2009 3:19 AM
To: [email protected]
Subject: Re: [Opensim-dev] ConsoleClient -pass option

Dickson, Mike (ISS Software) wrote:
> I'd agree with Dave on this one. Just a simple long ps listing gets you the
> password if it's in cleartext on the command line. At least the file can be
> locked down via permissions. A password on the command line is pretty much
> insecure. Might as well not have one.

...unless you rewrite argv (which is standard practise for stuff like that).

DrS/dirk

>
> Mike
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Melanie
> Sent: Thursday, September 03, 2009 10:02 PM
> To: [email protected]
> Subject: Re: [Opensim-dev] ConsoleClient -pass option
>
> It's choosing the lesser evil.
>
> Melanie
>
>
> Dave Coyle wrote:
>> On Thursday 03 September 2009 03:00:46 pm wrote:
>>> commit 6b70b5709913e9734f5864560e997b34dfd58b85
>>> Author: Justin Clark-Casey (justincc) <[email protected]>
>>> Date: Thu Sep 3 20:00:18 2009 +0100
>>>
>>> * Add extra warning about using -pass in
>>> OpenSim.ConsoleClient.ini.example
>>>
>>> <...>
>>>
>>> + ; Please be aware that this is not secure since the password is in the
>>> clear + ; we recommend the use of -pass wherever possible
>>> ;pass = secret
>>
>> Is the password not also in the clear, visible to any local user who does a
>> 'ps', if you use the -pass switch? Access to OpenSim.ConsoleClient.ini can
>> at least be restricted to specific user(s). I don't see how -pass is the
>> lesser of the two evils.
>>
>> -coyled
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> [email protected]
>> https://lists.berlios.de/mailman/listinfo/opensim-dev

-- 
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- [email protected] ---- http://xyzzyxyzzy.net/
RL: [email protected] - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
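
Review bot: The comment added above ";pass = secret" in OpenSim.ConsoleClient.ini.example recommends -pass as the safer choice, but a password passed as a command-line argument is just as much in the clear and is visible in the process list to any local user, while the ini file can be restricted with file permissions. Suggest rewording the comment to say the password is stored in clear text, to advise restricting read access on OpenSim.ConsoleClient.ini to the account that runs the console client, and to drop the "we recommend the use of -pass wherever possible" line.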
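
An added example, not part of the original thread or of OpenSim's code: a Linux audit that reads /proc/<pid>/cmdline (the same data ps shows) to find processes that still expose a -pass value, and checks whether a config file is readable beyond its owner. The "-pass value" and "-pass=value" forms and all function names are assumptions.

```python
import os
import stat

PASS_FLAG = b"-pass"  # switch name from the thread; the two value forms are assumed


def exposed_password_args(cmdline):
    """Return argv indexes that still hold a password value.

    cmdline is the raw content of /proc/<pid>/cmdline (NUL-separated argv).
    A value the process has overwritten with NUL bytes reads as empty and
    is not reported.
    """
    argv = cmdline.split(b"\0")
    if argv and argv[-1] == b"":
        argv.pop()                      # drop the terminator after the last arg
    hits = []
    for i, arg in enumerate(argv):
        if arg == PASS_FLAG and i + 1 < len(argv) and argv[i + 1]:
            hits.append(i + 1)          # "-pass secret"
        elif arg.startswith(PASS_FLAG + b"=") and len(arg) > len(PASS_FLAG) + 1:
            hits.append(i)              # "-pass=secret"
    return hits


def scan_proc(proc_root="/proc"):
    """Return PIDs whose command line exposes a password to local users."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:                 # process exited or access denied
            continue
        if exposed_password_args(raw):
            pids.append(int(entry))
    return sorted(pids)


def readable_by_others(path):
    """True if group or other has read permission on the config file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    # Report PIDs only, never the password values themselves.
    print("PIDs with a password on the command line:", scan_proc())
```

Even a process that scrubs its argv is flagged if the scan runs between exec and the overwrite, so the file-permission check is the one that reflects a durable fix.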
