We use the command line interface (CLI) a lot, but the authentication creates a big security hole.
hole 1) CLI requires the user's password for each command.
To write a script, many people embed their passwords in the script. (Really bad).
Better is to put the password in a file readable only by the user, but this is still a cleartext password.
hole 2) CLI requires the users's password to be passed on the command line, where anyone can see it with ps(1)
I think (2) is a defect in CLI.
Does anyone have a better solution than a cleartext file for part (1) ?
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.