[Opensim-dev] ConsoleClient -pass option

Dr Scofield DrScofield at xyzzyxyzzy.net
Fri Sep 4 08:18:42 UTC 2009 

Dickson, Mike (ISS Software) wrote:
> I'd agree with Dave on this one.  Just a simple long ps listing gets you the password if its on cleartext on the command line.  At least the file can be locked down via permissions.  A password on the command line is pretty much insecure. Might as well not have one.

...unless you rewrite argv (which is standard practise for stuff like that).

	DrS/dirk

> 
> Mike
> 
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie
> Sent: Thursday, September 03, 2009 10:02 PM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] ConsoleClient -pass option
> 
> It's choosing the lesser evil.
> 
> Melanie
> 
> 
> Dave Coyle wrote:
>> On Thursday 03 September 2009 03:00:46 pm  wrote:
>>> commit 6b70b5709913e9734f5864560e997b34dfd58b85
>>> Author: Justin Clark-Casey (justincc) <jjustincc at googlemail.com>
>>> Date:   Thu Sep 3 20:00:18 2009 +0100
>>>
>>>     * Add extra warning about using -pass in
>>> OpenSim.ConsoleClient.ini.example
>>>
>>> <...>
>>>
>>> +    ; Please be aware that this is not secure since the password is in the
>>> clear +    ; we recommend the use of -pass wherever possible
>>>      ;pass = secret
>>
>> Is the password not also in the clear, visible to any local user who does a 
>> 'ps', if you use the -pass switch?  Access to OpenSim.ConsoleClient.ini can at 
>> least be restricted to specific user(s).  I don't see how -pass is the lesser 
>> of the two evils.
>>
>> -coyled
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev


-- 
dr dirk husemann ---- virtual worlds research ---- ibm zurich research lab
SL: dr scofield ---- drscofield at xyzzyxyzzy.net ---- http://xyzzyxyzzy.net/
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/

More information about the Opensim-dev mailing list