[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

AW: AW: The --password and clumsy users issue

From: Markus Schaber <m.schaber_at_codesys.com>
Date: Mon, 7 Jul 2014 06:46:37 +0000

Hi, Julian,

> Von: Julian Foad [mailto:julianfoad_at_btopenworld.com]
> I was about to commit Ben's suggestion of changing the --password help text
> to
> "specify a password ARG (this usually is not secure)"
> as a first step that would be useful on its own regardless whether we do
> something more.
> But then I thought about how users (myself included) tend to ignore warnings
> that are vague and unqualified: a "don't do that" without explaining the
> consequences. Does this apply to my situation?, I would wonder. It might make
> them/me pause for a moment, but if there's no easy way to learn why I
> shouldn't do X I will probably go ahead and do it.
> So how about:
> "specify a password ARG (insecure: on many systems,
> other users can read the command-line arguments)"
> Is that clear enough?

I fully agree with your concerns about vague warnings. But in my eyes,
it is also important to point out the alternatives, so that the users
have an easy way to use them.

(Of course this requires that such alternatives are actually present.)

Best regards

Markus Schaber

CODESYS(r) a trademark of 3S-Smart Software Solutions GmbH

Inspiring Automation Solutions

3S-Smart Software Solutions GmbH
Dipl.-Inf. Markus Schaber | Product Development Core Technology
Memminger Str. 151 | 87439 Kempten | Germany
Tel. +49-831-54031-979 | Fax +49-831-54031-50

E-Mail: m.schaber@codesys.com | Web: http://www.codesys.com | CODESYS store: http://store.codesys.com
CODESYS forum: http://forum.codesys.com

Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915
Received on 2014-07-07 08:47:11 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.