httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument
Date Fri, 03 Feb 2012 23:23:38 GMT

William A. Rowe Jr. <> changed:

           What    |Removed                     |Added
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from William A. Rowe Jr. <> 2012-02-03 23:23:38 UTC ---
There is no mechanism to protect the contents of the command line from the view
of all local users, which is why passwords on the command line are a
fundamentally broken concept.

Obviously users are welcome to apply such a patch, but shipping such a patch
would be irresponsible.

I'm going to reclose this as invalid because no developers disagreed when they
saw this message pass by their screens.

If you like, propose a "[vote] Allow command line arg passwords" to the and we can see what the full consensus of the entire
project is.

I'm sure some users would also like to pass ssl key passphrases or user account
passwords on the command line, and that should not happen either.  This is one
of those occasions where user desires fly in stark contrast to users well

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message