Originally posted by ginetta
Interesting... One would assume the fact that you would have to apply a password
within the script that it could be a way of revealing passwords unnecessarily.
i don't see how the script could reveal a password if i don't put it anywhere in the script (that would be an obvious security flaw as the script file is unencrypted). i simply send the command and wait for the user to type a new password. it should be just as secure as typing 'passwd' from the command prompt, right?
i did think about the permissions and i set it so that it can only be run by root.
to me this seems like a perfectly secure situation, but then again, i am a