httpd-bugs mailing list archives

Subject: DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument
Date: Tue, 14 Jun 2011 17:21:42 GMT

Philip changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |

--- Comment #2 from Philip 2011-06-14 17:21:42 UTC ---
I've acknowledged in the original post that passing a password on the command
line is insecure.  However, a good program allows the user to trade convenience
for security.  As I said, in my particular situation, there is no security
issue -- it's a personal laptop and I am the only user logged in.

Some well-known command-line programs *optionally* accept a password on the
command line.  Two off the top of my head: MySQL's official command-line client
(with the -p option) and PostgreSQL's official command-line client (with the
conninfo string).

The intended audience of 'htdigest' is not a soccer mom; it's presumably a
system/web administrator who's using it on a command line of a Unix-based
system.  If they need to use htdigest in a script, we should make it convenient
for them.

How about if I update the usage info and the manpage to indicate that passing a
password on the command line is not recommended for security reasons?
