Re: Better code in mythweb.postinst

Página superior

Responder a este mensaje
Autor: Christian Marillat
Fecha:  
A: dmo-discussion
Asunto: Re: Better code in mythweb.postinst
Carsten Aulbert <carsten@???> writes:

> Thus what about
>
> --- postinst.OLD        2013-08-16 14:58:23.200329988 +0200
> +++ postinst    2013-08-16 14:59:44.527315268 +0200
> @@ -15,7 +15,7 @@
>         db_get mythtv/mysql_mythtv_user
>         mythtv_username="$RET"
>         db_get mythtv/mysql_mythtv_password
> -       mythtv_password="$RET"
> +       mythtv_password=$( echo "$RET" | sed 's#/#\\/#g' )

>
>         db_stop

>
> as I've got no test mythweb setup available right now, I cannot fully
> test it.


Maybe a more simple solution.

In the postinst script for the mythtv-common package the password for
mythtv/mysql_mythtv_password is generated with 'pwgen -s 8' if the user
don't enter a password.

1) I don't think user put a / in a password often.

2) All cases I've seen (2) was with generated password.

3/ A solution is to use pwgen without -s and maybe with more characters
(12).

"pwgen -s" is :

,----
| s, --secure
|               Generate completely random, hard-to-memorize passwords.  These should only be used for machine passwords, since otherwise it's almost guaranteed that users will simply write the password on a piece of paper taped to the monitor...

`----

What do you think ?

Christian