[Opensim-dev] ConsoleClient -pass option
Dickson, Mike (ISS Software)
mike.dickson at hp.com
Fri Sep 4 03:06:11 UTC 2009
I'd agree with Dave on this one. Just a simple long ps listing gets you the password if its on cleartext on the command line. At least the file can be locked down via permissions. A password on the command line is pretty much insecure. Might as well not have one.
Mike
-----Original Message-----
From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie
Sent: Thursday, September 03, 2009 10:02 PM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] ConsoleClient -pass option
It's choosing the lesser evil.
Melanie
Dave Coyle wrote:
> On Thursday 03 September 2009 03:00:46 pm wrote:
>> commit 6b70b5709913e9734f5864560e997b34dfd58b85
>> Author: Justin Clark-Casey (justincc) <jjustincc at googlemail.com>
>> Date: Thu Sep 3 20:00:18 2009 +0100
>>
>> * Add extra warning about using -pass in
>> OpenSim.ConsoleClient.ini.example
>>
>> <...>
>>
>> + ; Please be aware that this is not secure since the password is in the
>> clear + ; we recommend the use of -pass wherever possible
>> ;pass = secret
>
>
> Is the password not also in the clear, visible to any local user who does a
> 'ps', if you use the -pass switch? Access to OpenSim.ConsoleClient.ini can at
> least be restricted to specific user(s). I don't see how -pass is the lesser
> of the two evils.
>
> -coyled
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list