Script line
Robert Schiele
rschiele@uni-mannheim.de
Tue Sep 9 11:48:02 2003
--Pk6IbRAofICFmK5e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Sep 04, 2003 at 03:34:40PM +0100, Robert Kerry wrote:
> Hi,
>=20
> Can anyone see anything wrong with this script line? It's part of a PHP
> script although should be the same in most C based languages.
>=20
>=20
> $command =3D "echo '$passphrase\n$plaintext' | gpg --clearsign --batch
> --passphrase-fd 0";
This shows your passphrase to other users on the system because they can re=
ad
your command line parameters. There is a reason why it is not possible to =
use
the passphrase as a command line parameter for GnuPG.
Robert
--=20
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de
--Pk6IbRAofICFmK5e
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)
iD8DBQE/V1SDxcDFxyGNGNcRAqjWAKCVuZVWA3NP84jXFW4Jjzea546m9wCdGlov
rQcfjM5sJQI2dPyHEjnvMAg=
=j7Se
-----END PGP SIGNATURE-----
--Pk6IbRAofICFmK5e--