Need a way to prevent custom object variables (e.g. password) from going into environment

[Ethan Galstad]

sean finney wrote:
> hey guys,
> 
> On Tue, 2007-01-02 at 21:21 -0600, Ethan Galstad wrote:
>>> Still have the problem of how to make the custom variable useful
>>> though since it can't be on the command line for the same reason.
>>>
>>> 				-- rouilj
>>> John Rouillard
>> Yeah, probably the only safe way to do it would be to pass the name of a 
>> file (which contains the password, etc. and is locked down) to the 
>> command that's being run.  As you noted, command lines and environment 
>> vars are viewable by other processes/people.
> 
> just fyi, there was a similar-but-slightly-broader-scoped discussion on
> the nagios-plugins devel list a few months back.  the consensus is that
> we'll be extending the core plugins and probably providing hooks  for
> 3rd party plugins to use an updated configuration file format
> (orthogonal to the checkcommands stuff) which will let the admin specify
> additional cmdline arguments which will then be fed to getopt without
> being put on the command line.  so you could have something like:
> 
> 
> [check_mysql]
> 	user=root
> 	password=supersecret
> 
> and so on.
> 
> while there might still be an argument for passing/hiding custom
> variables through nagios' config, i thought i should mention this so we
> don't have multiple groups of people doing the same but slightly
> different thing seperately.
> 
> 
> 
> 	sean

Thanks for the heads-up Sean!


Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV