|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Damien Miller (djm_at_mindrot.org)
Date: Wed Jan 08 2003 - 21:48:30 CST
Crist J. Clark wrote:
> Any program that asks for a password on the command line should have
> the common decency to overwrite/obfuscate it, along the lines of,
>
> case 'p':
> passwd = optarg;
> optarg = "********";
> break;
>
> So that it doesn't show up in any "ps" output.
That works only for OSs which support argv clobbering - it is by no
means portable and shouldn't be depended on for security.
-d
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]