Re: AW: The --password and clumsy users issue

From: Julian Foad <julianfoad_at_btopenworld.com>
Date: Fri, 4 Jul 2014 16:23:26 +0100

I was about to commit Ben's suggestion of changing the --password help text to

"specify a password ARG (this usually is not secure)"

as a first step that would be useful on its own regardless whether we do something more.

But then I thought about how users (myself included) tend to ignore warnings that are vague and unqualified: a "don't do that" without explaining the consequences. Does this apply to my situation?, I would wonder. It might make them/me pause for a moment, but if there's no easy way to learn why I shouldn't do X I will probably go ahead and do it.

So how about:

"specify a password ARG (insecure: on many systems,
other users can read the command-line arguments)"

Is that clear enough?

- Julian
Received on 2014-07-04 17:33:46 CEST

This message: [ Message body ]
Next message: Ivan Zhakov: "Re: svn commit: r1604421 - in /subversion/trunk: subversion/libsvn_fs_fs/ subversion/tests/cmdline/ subversion/tests/libsvn_fs_fs/ tools/server-side/svnfsfs/"
Previous message: Julian Foad: "Re: Current FSFS performance [RAW]"
In reply to: Markus Schaber: "AW: The --password and clumsy users issue"
Next in thread: Markus Schaber: "AW: AW: The --password and clumsy users issue"
Reply: Markus Schaber: "AW: AW: The --password and clumsy users issue"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]