Carsten Aulbert <carsten@???> writes:
> Thus what about
>
> --- postinst.OLD 2013-08-16 14:58:23.200329988 +0200
> +++ postinst 2013-08-16 14:59:44.527315268 +0200
> @@ -15,7 +15,7 @@
> db_get mythtv/mysql_mythtv_user
> mythtv_username="$RET"
> db_get mythtv/mysql_mythtv_password
> - mythtv_password="$RET"
> + mythtv_password=$( echo "$RET" | sed 's#/#\\/#g' )
>
> db_stop
>
> as I've got no test mythweb setup available right now, I cannot fully
> test it.
Maybe a more simple solution.
In the postinst script for the mythtv-common package the password for
mythtv/mysql_mythtv_password is generated with 'pwgen -s 8' if the user
don't enter a password.
1) I don't think user put a / in a password often.
2) All cases I've seen (2) was with generated password.
3/ A solution is to use pwgen without -s and maybe with more characters
(12).
"pwgen -s" is :
,----
| s, --secure
| Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords, since otherwise it's almost guaranteed that users will simply write the password on a piece of paper taped to the monitor...
`----
What do you think ?
Christian
