Resending my reply to the list too...
On 07/06/14 20:39, Martin Furter wrote:
> On 07/06/14 20:09, Bert Huijben wrote:
>> I'm not sure if the envvar option is really any safer than the argument
>> option, if the command line is really read from the environment block on
>> these platforms. As such I don't think having a command option for that
>> really helps.
>
> I don't know a command which shows the environment of a process as nice
> as 'ps' shows the process arguments.
>
> But on linux the environment is readable by the owner of the process
> through /proc/$PID/environ as the following commandline shows:
>
> $ PASSWORD=secret123 sh -c "tr '\\0' '\\n' < /proc/\$\$/environ" |
> grep PASSWORD
>
>> For the file solution it might be more useful to use both username and
>> password from that file.
>
> I guess the option should be named different then, maybe something like
> --auth-file or --creds-file or so.
>
> - Martin
Received on 2014-07-06 17:13:59 CEST