On Tue, Jan 22, 2002 at 06:17:48PM +0100, Oliver Bleutgen wrote:
wget --proxy=off --http-user=${ZOPEUSER} --http-pass=${PASSWD} \ http://${HOST}:${PORT}/Control_Panel/Products/${prod}/manage_importObject?file=${IMPORT}
but I think I really do not have to tell you that this can not be the recommended way to go.
Dumb question, why not? What (linux-) priviledge level does one need to install a new package? If you think that installing filesystem products the way you described is secure, then I don't see why using this shellscript isn't, provided it is only readable by the right user(s).
Assuming the server has non-administrative users with login priveleges, if they run 'ps auxwww' at just the right time, they've captured all your command line arguments to wget... including your Zope administrative username and password. Python product installation doesn't carry that particular risk. One way to eliminate that possibility would be to use a browser other than wget, something that can prompt for the administrative username and password when needed, or read them from a protected file. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu