[Python-Dev] [OT] Re: getpass and stdin
spotter at cs.columbia.edu
Tue Feb 26 20:14:56 CET 2008
Charles Cazabon wrote:
> Shaya Potter <spotter at cs.columbia.edu> wrote:
>> Leif Walsh wrote:
>>> On Tue, Feb 26, 2008 at 12:43 PM, Shaya Potter <spotter at cs.columbia.edu> wrote:
>>>> the -p <PASSWD> option is not good on multi user systems
>>>> the -p <PASSFILE> option is not particularly good on NFS based systems
>>>> (have to trust every user on every machine with access to NFS share)
>>> You seem somehow both worried about security, yet too lazy to type in
>>> your password. I think at some point, one of those concerns is going
>>> to have to give.
> That was exactly what I've been telling this user on the getmail mailing list
> for the last week. Apologies that he's decided to bother you with it.
1) I am willing to type in the password, which is obvious to anyone who
can read a simple script. That just doesn't work for a program you want
to run in the background to type it in every time.
2) I was trying to understand why python made it's design decision, I
don't need you apologizing for me trying to understand that (and I do
ave a better understanding now)
For those who want the background to make up their own minds about why I
Charles is the author of a program called getmail that is used for
fetching email. - generally to fetch email you need a password.
getmail will either read a passowrd in via getpass() or read it from a
file. however, storing the password in a file is out of the question
in this case (NFS), but reading the password in is fine, I'm not
concerned with a threat of it being read out of memory.
However, getmail doesn't have a daemon mode, charles recommends using
the password in a file + cron, which I'd be fine with if I could store
the password in a file. However, as I can't, I wanted to daemonize it
via a script (already posted), that reads in a password from stdin and
passes it to getmail via its stdout and getmail's stdin.
However, that doesn't work with getpass() which getmail uses, and
Charles isn't willing to change his program (it's his program he's
allowed to do with it what he wants).
I cam here after examining the python code and being confused by it and
wanting to understand the design decision that went into it, as I sort
of do now as I said in my last real email on the subject "understand the
eating stdin aspect"
That's it. Personally, I debated sending this email (don't need to
waste people's time), but I don't appreciate being called out in public
as Charles did when in truth while my question was spurred on by getmail
it was something I was generally interested in understanding as well.
More information about the Python-Dev