Re: spice-client: "-w password" (on the command line) is a security risk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(If possible, please preserve the 704229-forwarded address in any replies.)

I reported the following bug to the Debian bug tracker, but realized it
should probably just be forwarded upstream.

Rob Browning <rlb@xxxxxxxxxxxxxxxx> writes:

> Package: spice-client
> Version: 0.11.0-1
>
> I think the spice client should probably support some other way of
> specifying the password since putting it on the command line makes it
> visible to any other users on the system.
>
> A reasonable alternative might be "--password-file foo".

(cf. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704229)

Thanks
-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]