decrypting input, not a file...

Paul Evad
Fri, 19 May 2000 08:25:50 -0700

At 11:49 AM +0200 5/19/00, Florian Weimer wrote:

>> $command="echo '$passphrase\n$code' | gpg -v --batch
>> --no-secmem-warning --passphrase-fd 0 --decrypt";
>> exec($command, $encrypted, $errorcode);
>On most Unix-like systems, any local user can eavesdrop the passphrase
>if you run this (and similar code) because command-line arguments are
>readable for all users.
This I know. but, if you are dealing with cycling through a database of encrypted bits of information, needing to decrypt on the fly.. short of writing everything to files (performance issue?) is there a better way? The code above is not bullet proof, but if you do not allow shell accounts on your server... well, it's 'mostly' secure ;_) - paul --------------------- Kudosnet Technologies Inc. --------------------- For a copy of our most recent newsletter send a blank email to: ---------------------------- 1-877-885-8367 --------------------------