Hi all,pyhoca-cli is a Python command-line client for X2go based on python-x2go. Initially there was a --password option with the script that allowed to script X2go session and pass-on a cleartext password. Heinz made me aware of the security breach concerning clear text passwords at the command-line (ps aux | grep --password, I complete was unaware of that at that time... ashame...). On his request I had removed the option from the code, immediately.
However, inspired bei the rdesktop command (which allows a --password cmd arg) I added code to pyhoca-cli that allows to give --password at the command line or from within scripts without risking security (I hope). pyhoca-cli now rewrites the process title as shown in ps aux output and replaces the actual password by "XXXXXXX".
I would be greatful if someone with Python knowlegde could cross-check the following commits:
http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=3ec0c5db1f8eb5c03d8aeeb2a2a09257ac691e81 http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=bdf71da2a41cbcd042c61db71d3c2bf38a0a80a3 Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpiAcvv88mzb.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2go-dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
