Darrell Berry wrote:
>
> the -u option on htdig seems a security hole...as these command line
> options can be exposed by crafty ps options (correct?)...but they dont
> sem settable in the config file, unless i'm simply not seeing it...
>
> can these be added, if i'm correct, or can u point me at the approproate
> directives?
>
> thnx
Well, the point of not allowing the username/password to be set in the
configuration file was for security reasons; files could be read by other
users and it is all too easy to forget to properly protect the configuration
files. I think the command line arguments should probably be cleared out
when the process starts, to prevent "ps snooping".
Just my $0.02
--
Andrew Scherpbier <[EMAIL PROTECTED]>
Contigo Software <http://www.contigo.com/>
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the SUBJECT of the message.
