Full_Name: Richard Ellerbrock Version: 1.2.6 OS: RedHat 6.0 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (196.7.101.194) I am running automatic batch updates using ldapmodify onto an NDS LDAP server. This works great, but to do the update I need to authenticate as the Admin user (root in unix speak). Well, doing a ps -ef allows anybody to see the password during the update process. Have the development team thought of modifying the process display to blank out the password. I have seen other applications do this - MySQL is one of them.
At 07:14 AM 11/15/99 GMT, richarde@eskom.co.za wrote: >Full_Name: Richard Ellerbrock >Version: 1.2.6 >OS: RedHat 6.0 >URL: ftp://ftp.openldap.org/incoming/ >Submission from: (NULL) (196.7.101.194) > > >I am running automatic batch updates using ldapmodify onto an NDS LDAP server. >This >works great, but to do the update I need to authenticate as the Admin user (root > >in unix speak). Well, doing a ps -ef allows anybody to see the password during >the update process. Have the development team thought of modifying the process >display to blank out the password. I have seen other applications do this - >MySQL >is one of them. Thanks for the suggestion. We'll put this into the queue. Kurt ---- Kurt D. Zeilenga <kurt@boolean.net> Net Boolean Incorporated <http://www.boolean.net/>
moved from Incoming to Software Enhancements
On Wed, 17 Nov 1999, kurt@boolean.net wrote: > At 07:14 AM 11/15/99 GMT, richarde@eskom.co.za wrote: > >Full_Name: Richard Ellerbrock [...] > >in unix speak). Well, doing a ps -ef allows anybody to see the password during > >the update process. Have the development team thought of modifying the process > >display to blank out the password. I have seen other applications do this - > >MySQL is one of them. > > Thanks for the suggestion. We'll put this into the queue. Sendmail is another such application that can modify its appearance in the process table; problem is, not all platforms support this capability (eg., SunOS 4.x does, SunOS 5.x doesn't) which means you'd still need some other method to "protect" other platforms... dave
David J N Begley wrote: > > On Wed, 17 Nov 1999, kurt@boolean.net wrote: > > > At 07:14 AM 11/15/99 GMT, richarde@eskom.co.za wrote: > > >Full_Name: Richard Ellerbrock > [...] > > >in unix speak). Well, doing a ps -ef allows anybody to see the password during > > >the update process. Have the development team thought of modifying the process > > >display to blank out the password. I have seen other applications do this - > > >MySQL is one of them. > > > > Thanks for the suggestion. We'll put this into the queue. > > Sendmail is another such application that can modify its appearance in the > process table; problem is, not all platforms support this capability (eg., > SunOS 4.x does, SunOS 5.x doesn't) which means you'd still need some other > method to "protect" other platforms... A number of applications within OpenLDAP use setproctitle() (when it's supported by the underlying OS). We need to use it in more sitituations. Kurt -- Kurt D. Zeilenga <kurt@boolean.net> Net Boolean Incorporated <http://www.boolean.net/>
changed notes changed state Open to Closed
Devel code provides this feature.