Johannes Schindelin wrote:
Hi,
On Thu, 10 Jul 2008, Jeff King wrote:
On Wed, Jul 09, 2008 at 01:43:07PM +0200, Johannes Schindelin wrote:
Note that http://user:pass@server/path/ /should/ work (but that
would need validation), though not a good idea on command line.
Well, now that the programs using URLs are all builtins, we can
actually do something about it. We can edit out the "user[:pass]@"
part out of argv, which usually means that "ps" will not see it
anymore.
Wouldn't there still be a race condition for publicly broadcasting your
password via ps?
Yes. For a brief amount of time, but yes.
BTW I thought I remembered one program xxx'ing out the password via argv,
but unfortunately I do not remember which one it was.
The mysql client does (or did) it, although perhaps only on systems that
support it.
--
Andreas Ericsson andreas.ericsson@xxxxxx
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
