Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: Commands with passwords as options

X-seq: zsh-users 15753
From: Julien Nicoulaud <julien.nicoulaud@xxxxxxxxx>
To: Mikael Magnusson <mikachu@xxxxxxxxx>
Subject: Re: Commands with passwords as options
Date: Tue, 1 Feb 2011 22:59:27 +0100
Cc: zsh-users <zsh-users@xxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=bt3uD4ee5H0Y3go3wiVR/Dgkmu6sTLBZNpCkf/QbNCM=; b=yIDMEK3S10yFEROjTBIHN67nAa3duEPK84Jta6vcMzKYzlYKcS4ZIrWjdeTiejDwc7 ORO4aCmvlqlXCm71/yoBd4XML2BTKXD8WqIjRW2hE0ElJrSrG5KFaexePW87bE5p23zJ aMSFP3yCOzG3NImd1C0LdpwivU66a/PXLoncY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=vXZXAKxxfmAPPxhRTue9Wy+zmQyCm9oKxF/Q7u5DtcjLO3LgTeZAnTU5t1CKEgPL+d AhBuT4Jay0Wzx5bE0g+8G68sAIrCtttExLgSGS00M/qasr2mLtUEq4NkVjhDwIu2K3jn V3ix7hzlI4JCDyknGgboUT4b+xqQd9RyXKwt0=
In-reply-to: <AANLkTik-C+PD67k2FTySFCfpcZe4yTfDTWwRWp9DaB5A@mail.gmail.com>
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
References: <AANLkTi=vmDkSaef2r-gaMK=6en=EYyCsWbVppRsPwF5r@mail.gmail.com> <AANLkTik-C+PD67k2FTySFCfpcZe4yTfDTWwRWp9DaB5A@mail.gmail.com>

OK, but at least it is hidden from the shell "UI". Take it as
"man-looking-over-your shoulder" protection :-) For example you show
something to  someone, you do a backward history search and a command with a
clear text password you forgot to exclude from history pops out...

2011/2/1 Mikael Magnusson <mikachu@xxxxxxxxx>

> On 1 February 2011 22:15, Julien Nicoulaud <julien.nicoulaud@xxxxxxxxx>
> wrote:
> > Some commands take passwords as option values, which is not very
> secure... I
> > was wondering if there is some way to handle that, for example through a
> > custom completer. Ideally, I here is how it should behave:
> >  - When reaching an option which expected value is a password, prompt for
> it
> > and read it from stdin
> >  - Do not display it in the buffer (just replace it with "XXXX" for
> example)
> >  - When accepting the buffer, replace the displayed buffer with the real
> one
> >  - Save the displayed buffer in the history rather than the real one
> >
> > Does anyone have an idea on how to achieve this ?
>
> That doesn't actually achieve anything, the password is still visible
> in /proc/<pid>/cmdline.
>
> --
> Mikael Magnusson
>

Follow-Ups:
- Re: Commands with passwords as options
  - From: Benjamin R. Haskell

References:
- Commands with passwords as options
  - From: Julien Nicoulaud
- Re: Commands with passwords as options
  - From: Mikael Magnusson

Messages sorted by: Reverse Date, Date, Thread, Author