[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Basic Authentication for web pages



On Wed, 3 Feb 1999, Scott Nelson wrote:

> Careful:  You are passing the password as part of a command line, and
> command lines are visible to the world!  Instead of using an echo command,
> you should open a pipe to the nwauth command and write the password down the
> pipe.  Not knowing php, you are on your own <g>!
> 
> >////////////////////////////////
> >function nwauth ($nwserver, $user, $pass) {
> >  $command=sprintf("echo \"%s\" | nwauth -S %s -U %s",  // parsing the
                       ^^^^^^^^^^^^^^^^^^^^^

This exactly does what you said it should do, not what you thought it
does! I.e. it opens a pipe to nwauth and "echo"s the password to nwauth's
stdin. In the code above, nwauth does not receive the password as its
command line argument; infact it doesn't even accept password in its
command line even if one tries to do so.

Am I missing something?



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []