httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument
Date Fri, 03 Feb 2012 23:23:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51370

William A. Rowe Jr. <wrowe@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from William A. Rowe Jr. <wrowe@apache.org> 2012-02-03 23:23:38 UTC ---
There is no mechanism to protect the contents of the command line from the view
of all local users, which is why passwords on the command line are a
fundamentally broken concept.

Obviously users are welcome to apply such a patch, but shipping such a patch
would be irresponsible.

I'm going to reclose this as invalid because no developers disagreed when they
saw this message pass by their screens.

If you like, propose a "[vote] Allow command line arg passwords" to the
dev@httpd.apache.org and we can see what the full consensus of the entire
project is.

I'm sure some users would also like to pass ssl key passphrases or user account
passwords on the command line, and that should not happen either.  This is one
of those occasions where user desires fly in stark contrast to users well
being.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message