Re: Checking user's password correctness under Mac OS X
- From: "Steve W. Jackson" <stevewjackson@xxxxxxxxxxx>
- Date: Wed, 05 Oct 2005 17:07:43 -0500
In article <joe-FE7644.15023605102005@xxxxxxxxxxxxxxxxxxxxxxxx>,
Joe Strout <joe@xxxxxxxxxx> wrote:
> In article <1128543313.285509.176560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
> "Pascal" <pascalchiotasso@xxxxxxxx> wrote:
>
> > Is there a way to check that a string (entered by the user) is the
> > correct Mac OS X password of the user?
>
> I suppose you could pipe it to sudo via the Shell class.
>
> - Joe
>
> ,------------------------------------------------------------------.
> | Joseph J. Strout Check out the Mac Web Directory: |
> | joe@xxxxxxxxxx http://www.macwebdir.com |
> `------------------------------------------------------------------'
And it's entirely possible that doing so will risk exposing it should
anyone else be able to access the machine while such a process is
running. I don't recall a URL just now, but a week or so back I came
across a discussion of this same flaw existing in some popular cleanup
programs (Cocktail is one of these types, though I can't recall if it
suffers this problem). The web page I visited showed precisely how the
password could be obtained.
= Steve =
--
Steve W. Jackson
Montgomery, Alabama
.
- Follow-Ups:
- References:
- Checking user's password correctness under Mac OS X
- From: Pascal
- Re: Checking user's password correctness under Mac OS X
- From: Joe Strout
- Checking user's password correctness under Mac OS X
- Prev by Date: Re: RealBasic license
- Next by Date: Major memory leak
- Previous by thread: Re: Checking user's password correctness under Mac OS X
- Next by thread: Re: Checking user's password correctness under Mac OS X
- Index(es):
