Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: Commands with passwords as options
- X-seq: zsh-users 15800
- From: PJ Weisberg <pjweisberg@xxxxxxxxx>
- To: Julien Nicoulaud <julien.nicoulaud@xxxxxxxxx>
- Subject: Re: Commands with passwords as options
- Date: Mon, 14 Feb 2011 12:16:35 -0800
- Cc: zsh-users <zsh-users@xxxxxxx>
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=a0InwEFmvelzAt7lSeCDIMNDm9R1fONmzAqi+8xcT4g=; b=hcWhPERJUphTnHkFzRXrasiXzE/Qxogd721lQsvbLg7IbeoSDY5vrRrxAm9nwMjyTl s+/xrOlauwMh7EreSGpRjxtUa/KTaMeHnnopnoen7OU+MKkkDmp6L4lxKyNjQMJ8EZPX /1VueGuuJ9YJwAPU08dbzaqczLcVYZUX8s+So=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=BnMEZ4hxSsbt4hLiYI68bF05EkTnghwOesNn7TDFIXSZ2fA8aNjzSJfBQ4sFR1qO9V u8DT/LK9G2ZR/vv1vUeKKnjsk/ZZA5yJYEBucW4nficAALX9LcipfQlH+TpE5sd0SL0C 0AGloX6BvbNV8nysJkD1VWb2YjY7rh9UXVReg=
- In-reply-to: <AANLkTi=vmDkSaef2r-gaMK=6en=EYyCsWbVppRsPwF5r@mail.gmail.com>
- List-help: <mailto:zsh-users-help@zsh.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:zsh-users@zsh.org>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
- References: <AANLkTi=vmDkSaef2r-gaMK=6en=EYyCsWbVppRsPwF5r@mail.gmail.com>
On 2/1/11, Julien Nicoulaud <julien.nicoulaud@xxxxxxxxx> wrote:
> Some commands take passwords as option values, which is not very secure... I
> was wondering if there is some way to handle that, for example through a
> custom completer. Ideally, I here is how it should behave:
> - When reaching an option which expected value is a password, prompt for it
> and read it from stdin
> - Do not display it in the buffer (just replace it with "XXXX" for example)
> - When accepting the buffer, replace the displayed buffer with the real one
> - Save the displayed buffer in the history rather than the real one
>
> Does anyone have an idea on how to achieve this ?
>
> Regards,
> Julien
>
This strikes me as something that's so insecure that it should LOOK
insecure. Hiding it in the history file is ok, but if the password is
hidden on the command line the user will assume it's being hidden in
other ways, when that's not actually possible.
--
-PJ
Messages sorted by:
Reverse Date,
Date,
Thread,
Author