[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AW: The --password and clumsy users issue

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Fri, 4 Jul 2014 16:23:26 +0100

I was about to commit Ben's suggestion of changing the --password help text to

  "specify a password ARG (this usually is not secure)"

as a first step that would be useful on its own regardless whether we do something more.

But then I thought about how users (myself included) tend to ignore warnings that are vague and unqualified: a "don't do that" without explaining the consequences. Does this apply to my situation?, I would wonder. It might make them/me pause for a moment, but if there's no easy way to learn why I shouldn't do X I will probably go ahead and do it.

So how about:

  "specify a password ARG (insecure: on many systems,
  other users can read the command-line arguments)"

Is that clear enough?

- Julian
Received on 2014-07-04 17:33:46 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.