Hi all,
pyhoca-cli is a Python command-line client for X2go based on
python-x2go. Initially there was a --password option with the script
that allowed to script X2go session and pass-on a cleartext password.
Heinz made me aware of the security breach concerning clear text
passwords at the command-line (ps aux | grep --password, I complete
was unaware of that at that time... ashame...). On his request I had
removed the option from the code, immediately.
However, inspired bei the rdesktop command (which allows a --password
cmd arg) I added code to pyhoca-cli that allows to give --password at
the command line or from within scripts without risking security (I
hope). pyhoca-cli now rewrites the process title as shown in ps aux
output and replaces the actual password by "XXXXXXX".
I would be greatful if someone with Python knowlegde could cross-check
the following commits:
http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=3ec0c5db1f8eb5c0... http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=bdf71da2a41cbcd0...
Thanks, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
-
Mike Gabriel