Site Navigation

Date:      Mon, 19 Jan 1998 08:37:15 -0800
From:      Don Wilde <don@partsnow.com>
To:        chas <panda@peace.com.my>
Cc:        questions@FreeBSD.ORG
Subject:   Re: security and scripts ? (was Re: Tcl/Tk tutorial recommendations?)
Message-ID:  <34C3813B.DF11EB65@partsnow.com>
References:  <3.0.32.19980118234853.00952c10@peace.com.my>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

> On that note, I was recommended Expect for scripting a webpage for
> users to change their email passwords. Is this secure ? (bit dubious
> of anything that runs with privileges to change the /etc/passwd file)
> 
> chas

and rightly so... It isn't :) Expect merely allows you to do things you
can already do with a keyboard. Then again, in the Real World, nothing
is ever secure except six feet of concrete :) Use with disgression, and
make sure the expect script itself is protected from reading, permission
100, etc., and is in a non-reachable directory.

-- 
  oooOOO O O O o * * *  *   *   *
 o     ___       _________ _________ ________ _________ _________ ___==_
 V_=_=_DW ===--- Don Wilde [don@PartsNow.com] [http://www.PartsNow.com ]
/oo0000oo-oo--oo-ooo---ooo-ooo---ooo-ooo--ooo-ooo---ooo-ooo---ooo-oo--oo


---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34C3813B.DF11EB65>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact