zsh-users
From: PJ Weisberg <pjweisberg@gmail.com>
To: Julien Nicoulaud <julien.nicoulaud@gmail.com>
Cc: zsh-users <zsh-users@zsh.org>
Subject: Re: Commands with passwords as options
Date: Mon, 14 Feb 2011 12:16:35 -0800
Message-ID: <AANLkTi=yqfpAuzEZvY_joEE4pg4bvcBsZ7rfGHoEgRpr@mail.gmail.com>
In-Reply-To: <AANLkTi=vmDkSaef2r-gaMK=6en=EYyCsWbVppRsPwF5r@mail.gmail.com>

On 2/1/11, Julien Nicoulaud <julien.nicoulaud@gmail.com> wrote:
> Some commands take passwords as option values, which is not very secure... I
> was wondering if there is some way to handle that, for example through a
> custom completer. Ideally, here is how it should behave:
>  - When reaching an option whose expected value is a password, prompt for it
> and read it from stdin
>  - Do not display it in the buffer (just replace it with "XXXX" for example)
>  - When accepting the buffer, replace the displayed buffer with the real one
>  - Save the displayed buffer in the history rather than the real one
>
> Does anyone have an idea on how to achieve this?
>
> Regards,
> Julien
>

This strikes me as something that's so insecure that it should LOOK
insecure.  Hiding it in the history file is ok, but if the password is
hidden on the command line the user will assume it's being hidden in
other ways, when that's not actually possible.
-- 

-PJ
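
Added example, not part of the original message or of zsh itself: a sketch of the one piece the reply calls acceptable, keeping the password value out of the history file, using zsh's zshaddhistory hook. The option names matched and the "XXXX" placeholder are assumptions; the typed command line stays fully visible, and the value is still in the command's argument list when it runs.

```shell
# Option names treated as "takes a password" (assumed; adjust to your tools).
PW_OPT='(--(password|passwd|pass)[= ])'

# Print the command line in $1 with password option values replaced by XXXX.
# Handles the three common spellings of a value: 'single quoted',
# "double quoted", and a bare word. A value that mixes quoting styles
# (for example ab'c d') is only partly covered by these patterns.
redact_password_opts() {
  printf '%s\n' "$1" | sed -E \
    -e "s/${PW_OPT}'[^']*'/\\1XXXX/g" \
    -e "s/${PW_OPT}\"[^\"]*\"/\\1XXXX/g" \
    -e "s/${PW_OPT}[^[:space:]'\"]+/\\1XXXX/g"
}

# zsh calls zshaddhistory with the complete line before saving it.
# Store the redacted text with print -s, then return 1 so the
# original line is not saved.
zshaddhistory() {
  print -sr -- "$(redact_password_opts "$1")"
  return 1
}
```

Put the definitions in ~/.zshrc; only what is recorded in history changes, not what is executed.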

