[X2go-dev] --password option for pyhoca-cli
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Tue May 17 11:58:29 CEST 2011
Hi all,
pyhoca-cli is a Python command-line client for X2go based on
python-x2go. Initially there was a --password option with the script
that allowed to script X2go session and pass-on a cleartext password.
Heinz made me aware of the security breach concerning clear text
passwords at the command-line (ps aux | grep --password, I complete
was unaware of that at that time... ashame...). On his request I had
removed the option from the code, immediately.
However, inspired bei the rdesktop command (which allows a --password
cmd arg) I added code to pyhoca-cli that allows to give --password at
the command line or from within scripts without risking security (I
hope). pyhoca-cli now rewrites the process title as shown in ps aux
output and replaces the actual password by "XXXXXXX".
I would be greatful if someone with Python knowlegde could cross-check
the following commits:
http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=3ec0c5db1f8eb5c03d8aeeb2a2a09257ac691e81
http://code.x2go.org/gitweb?p=pyhoca-cli.git;a=commitdiff;h=bdf71da2a41cbcd042c61db71d3c2bf38a0a80a3
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110517/5e598a4d/attachment.pgp>
More information about the x2go-dev
mailing list