Re: [PATCH]: Add --password-file and --password-envvar

From: Ben Reser <ben_at_reser.org>
Date: Mon, 07 Jul 2014 15:03:19 -0700

On 7/6/14 5:16 AM, Martin Furter wrote:
> Attached is a log message and a patch which adds the new options
> '--password-file' and '--password-envvar'. It also adds Julians warning to the
> '--password' help text.

I veto (-1) --password-envar (and peters follow-up suggestion of a hard-coded
environment variable). As several other people have shown the environment of a
running program is often just as available as the command line arguments. The
whole point of this exercise is to improve the security of the manner in which
we allow passwords to be provided in order to guide users to make good choices.
We're not achieving anything if we only provide them with new insecure choices.
Received on 2014-07-08 00:03:48 CEST

This message: [ Message body ]
Next message: Martin Furter: "Re: [PATCH]: Add --password-file and --password-envvar"
Previous message: Peter Samuelson: "Re: [PATCH]: Add --password-file and --password-envvar"
In reply to: Martin Furter: "[PATCH]: Add --password-file and --password-envvar"
Next in thread: Martin Furter: "Re: [PATCH]: Add --password-file and --password-envvar"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]