Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:28498 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 96396 invoked by uid 1010); 20 Mar 2007 20:38:55 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 96381 invoked from network); 20 Mar 2007 20:38:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Mar 2007 20:38:55 -0000 X-Host-Fingerprint: 147.229.212.212 a03-0106a.kn.vutbr.cz Received: from [147.229.212.212] ([147.229.212.212:25551] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 52/58-21779-24540064 for ; Tue, 20 Mar 2007 15:34:10 -0500 To: internals@lists.php.net,Sara Golemon Message-ID: <4600453D.8020500@rozsnyo.com> Date: Tue, 20 Mar 2007 21:34:05 +0100 User-Agent: Thunderbird 1.5.0.10 (X11/20070313) MIME-Version: 1.0 References: <7D.10.33476.19FAEF54@pb1.pair.com> <46002299.9030100@php.net> In-Reply-To: <46002299.9030100@php.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Posted-By: 147.229.212.212 Subject: Re: getpass() wrapper From: daniel@rozsnyo.com (Daniel Rozsnyo) Sara Golemon wrote: >> I am working on a command line client (written in php, run by >> php-cli) and I'd like to use a password entry as in mysql client - >> with no echoing etc. I've found the function which I need: >> >> #include >> char *getpass( const char * prompt ); >> >> But in man getpass it is marked as "This function is obsolete. Do not >> use it.". More from the manpage: "Present in SUSv2, but marked LEGACY. >> Removed in POSIX.1-2001." >> >> Can this function be somehow included in next release of PHP, at >> least in coditional way so I can check its availability with >> function_exists? (a). Or I should patch my instance of PHP (b) or >> stick forever to a small binary written in C which then I call with >> backtick operator (c). >> >> What you recommend, developers of PHP ? >> > For one thing, I *don't* recommend wrapping obsoleted functions as a > builtin. You're welcome to do this in an extension, it'll even be > welcomed in PECL, but it's not something which belongs in the mainline > distribution. > > Note that since this function produces output (to stdout -- bypassing > PHP's output layer), you may run into problems using this with any SAPI > other than cgi or cli (not that you would use it elsewhere anyway), and > it'll be completely out-of-band of any uses of ob_start() and family. > > I also would be inclined to doubt that this integrates with PAM, so god > help you if you're using a distributed authentication scheme such as > LDAP, kerberos, etc... > > Anyway, in case it wasn't obvious from my steadily darkening tone, > -1 from me. > > -Sara Thank you, it seems that PECL is the proper place for such a feature / function, sorry that I forgot that possibility before. Its really only for CLI - all I wanted is a safe password entry for the end-user, to quickly login by different user/pass as I do a lot of auth testing of my ordbms. By safe I mean no shell history or password visibility/storage anywhere, so using environment variables, parameters and files is out and stdin is used for other purposes. Btw. both mysql client (where I found this function) and openssh client uses it, and maybe others too. At my next code cleanup I take it PECL. Maybe not directly the getpass but the one from APR (apr_getpass.c) which implements some fallbacks. Thank you once more, Daniel.