[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Devel] Re: CVS update: skolelinux/src/webmin-ldap-skolelinux index.cgi
Am Donnerstag, den 28 August hub Petter Reinholdtsen folgendes in die Tasten:
> > @@ -85,6 +85,11 @@
> > if ($in{'editpw'}){
> > ldap_mod_user ($in{'userUid'}, $rootpw,$rootdn,
> > $basedn, 'userPassword', "{crypt}" .&gen_crypt($in{'editpw'})) ;
> > + if ($config{'sambasync'})
> > + {
> > + # update samba password, too
> > + run_script("smb_create.pl", latin1($in{'userUid'})->utf8, $in{'editpw'}, $rootpw);
> > + }
> Programs should never give password on the command line when starting
> other programs. The arguments are visible to other users (using ps,
> top, reading /proc/*, etc), so any user on the system can read the
> passwords. The password arguments should be passed on using the
> environment or stdin.
I know that.
I just copied that piece of code from another place in the same file...
(I just wanted a working solution at that moment and I hope the next
version of the WLS does not contain something like that :-))
Ciao
Max