Command line API: How to not expose passwords?
I'm scripting Virtualmin GPL using the command line API and ran into a security-related issue.
In order to use commands such as create-domain, modify-domain etc., I have to supply passwords on the command line, i.e. virtualmin --pass password.
But ...
Such passwords are transiently available if some other normal shell user happens to run 'ps -ef' at the same time.
So, any thoughts on how I can work around this?
Is there an equivalent of mysql's -p parameter which accepts passwords via stdin?
Howdy,
That's a good question, and while I'm not aware of a way to do that now -- I bet Jamie would be happy to either steer you in the right direction, or code up a solution if there isn't one :-)
What I'd recommend is filing a request using the Support link above, saying exactly what you did in your post here, and Jamie will work with you to come up with a good solution.
-Eric
Filed a support issue at:
https://www.virtualmin.com/node/12275
Thank you.
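The exposure raised in the opening post can be audited from the defender's side. The following is an added example, not part of the thread or of Virtualmin: it parses the NUL-separated argv format of `/proc/<pid>/cmdline`, flags `--pass` values and mysql-style `-pVALUE` arguments, and reports them redacted. The flag sets, the mysql client list and the sample bytes are assumptions constructed for illustration.

```python
import os

SPACE_FLAGS = {"--pass"}                     # "virtualmin --pass password", as in the thread
EQ_FLAGS = SPACE_FLAGS | {"--password"}      # --flag=value forms (mysql's long form of -p)
MYSQL_CLIENTS = {"mysql", "mysqldump"}       # assumption: clients audited for -pVALUE

def parse_cmdline(raw):
    """Split the NUL-separated argv format of /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def audit(argv):
    """Return (redacted_argv, hits); hits counts secrets readable from argv."""
    out, hits, i = [], 0, 0
    prog = os.path.basename(argv[0]) if argv else ""
    while i < len(argv):
        arg = argv[i]
        flag, sep, value = arg.partition("=")
        if flag in EQ_FLAGS and sep and value:
            out.append(flag + "=<redacted>")
            hits += 1
        elif arg in SPACE_FLAGS and i + 1 < len(argv):
            out += [arg, "<redacted>"]
            hits += 1
            i += 1                           # skip the value we just redacted
        elif prog in MYSQL_CLIENTS and arg.startswith("-p") and len(arg) > 2:
            out.append("-p<redacted>")       # bare "-p" prompts instead of exposing
            hits += 1
        else:
            out.append(arg)
        i += 1
    return out, hits

def scan_proc(root="/proc"):
    """Audit every process whose cmdline the current user can read (Linux)."""
    findings = {}
    for pid in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, pid, "cmdline"), "rb") as f:
                redacted, hits = audit(parse_cmdline(f.read()))
        except OSError:
            continue                         # process exited, or access denied
        if hits:
            findings[int(pid)] = redacted
    return findings

# Constructed sample: what another shell user could read while the script runs.
SAMPLE = b"virtualmin\0create-domain\0--domain\0example.com\0--pass\0s3cret\0"

if __name__ == "__main__":
    print(audit(parse_cmdline(SAMPLE)))
    print(scan_proc() if os.path.isdir("/proc") else {})
```

Run from an unprivileged account, `scan_proc()` shows which of other users' commands that account can read secrets from.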