[PHP-DEV] Re: getpass() wrapper

Tue, 20 Mar 2007 12:40:05 -0800 

Sara Golemon wrote:
I am working on a command line client (written in php, run by php-cli) and I'd like to use a password entry as in mysql client - with no echoing etc. I've found the function which I need: 

      #include <unistd.h>
      char *getpass( const char * prompt );


But in man getpass it is marked as "This function is obsolete. Do not 
use it.". More from the manpage: "Present in SUSv2, but marked LEGACY. 
Removed in POSIX.1-2001."



  Can this function be somehow included in next release of PHP, at 
least in coditional way so I can check its availability with 
function_exists? (a). Or I should patch my instance of PHP (b) or 
stick forever to a small binary written in C which then I call with 
backtick operator (c).


  What you recommend, developers of PHP ?


For one thing, I *don't* recommend wrapping obsoleted functions as a 
builtin.  You're welcome to do this in an extension, it'll even be 
welcomed in PECL, but it's not something which belongs in the mainline 
distribution.



Note that since this function produces output (to stdout -- bypassing 
PHP's output layer), you may run into problems using this with any SAPI 
other than cgi or cli (not that you would use it elsewhere anyway), and 
it'll be completely out-of-band of any uses of ob_start() and family.



I also would be inclined to doubt that this integrates with PAM, so god 
help you if you're using a distributed authentication scheme such as 
LDAP, kerberos, etc...


Anyway, in case it wasn't obvious from my steadily darkening tone,
-1 from me.

-Sara



Thank you, it seems that PECL is the proper place for such a feature / 
function, sorry that I forgot that possibility before.



Its really only for CLI - all I wanted is a safe password entry for the 
end-user, to quickly login by different user/pass as I do a lot of auth 
testing of my ordbms. By safe I mean no shell history or password 
visibility/storage anywhere, so using environment variables, parameters 
and files is out and stdin is used for other purposes.



Btw. both mysql client (where I found this function) and openssh client 
uses it, and maybe others too.



At my next code cleanup I take it PECL. Maybe not directly the getpass 
but the one from APR (apr_getpass.c) which implements some fallbacks.


Thank you once more,

Daniel.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php















    











					Reply via email to