This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [RFC] Add login to remote protocol
- From: Mark Kettenis <mark dot kettenis at xs4all dot nl>
- To: stan at codesourcery dot com
- Cc: gdb-patches at sourceware dot org
- Date: Sat, 10 Apr 2010 10:50:10 +0200 (CEST)
- Subject: Re: [RFC] Add login to remote protocol
- References: <4BBFA9E1.1020609@codesourcery.com>
> Date: Fri, 09 Apr 2010 15:27:45 -0700
> From: Stan Shebs <stan@codesourcery.com>
>
> This patch is somewhat more specialized than the tracepoint stuff, but
> may be of wider interest, so we offer it for your consideration. It
> adds a login capability to the remote protocol; the user sets a username
> and password in GDB, then upon connection to a target that requires
> them, GDB supplies the two. It is completely up to the target what do
> with them, for instance it could simply close the connection in response
> to a bad login.
>
> The design is simple, and not especially secure, as the password is sent
> in the clear - it's mostly appropriate for direct connections or secured
> intranets. We don't do anything to conceal the password from the
> console, but one could add a non-echoing reader, and write a password
> show that kept it concealed.
Sorry, but I think that an authentication protocol that sends
passwords in cleartext is worse than no authentication at all.