decrypting input, not a file...
Paul Evad
pevad@kudosnet.com
Fri, 19 May 2000 08:25:50 -0700
At 11:49 AM +0200 5/19/00, Florian Weimer wrote:
>> $command="echo '$passphrase\n$code' | gpg -v --batch
>> --no-secmem-warning --passphrase-fd 0 --decrypt";
>> exec($command, $encrypted, $errorcode);
>
>On most Unix-like systems, any local user can eavesdrop the passphrase
>if you run this (and similar code) because command-line arguments are
>readable for all users.
This I know.
but, if you are dealing with cycling through a database of encrypted
bits of information, needing to decrypt on the fly.. short of writing
everything to files (performance issue?) is there a better way?
The code above is not bullet proof, but if you do not allow shell
accounts on your server... well, it's 'mostly' secure ;_)
- paul
--------------------- Kudosnet Technologies Inc. ---------------------
For a copy of our most recent newsletter send a blank email to:
mailto:latestnews@kudosnet.net
---------------------------- 1-877-885-8367 --------------------------