Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 94C3399B0 for ; Fri, 3 Feb 2012 23:24:01 +0000 (UTC) Received: (qmail 81058 invoked by uid 500); 3 Feb 2012 23:24:01 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 80966 invoked by uid 500); 3 Feb 2012 23:24:00 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 80957 invoked by uid 99); 3 Feb 2012 23:24:00 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2012 23:24:00 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 03 Feb 2012 23:23:59 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 653154F0BB; Fri, 3 Feb 2012 23:23:39 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument Date: Fri, 03 Feb 2012 23:23:38 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: support X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: wrowe@apache.org X-Bugzilla-Status: RESOLVED X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Status Resolution Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 https://issues.apache.org/bugzilla/show_bug.cgi?id=51370 William A. Rowe Jr. changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #6 from William A. Rowe Jr. 2012-02-03 23:23:38 UTC --- There is no mechanism to protect the contents of the command line from the view of all local users, which is why passwords on the command line are a fundamentally broken concept. Obviously users are welcome to apply such a patch, but shipping such a patch would be irresponsible. I'm going to reclose this as invalid because no developers disagreed when they saw this message pass by their screens. If you like, propose a "[vote] Allow command line arg passwords" to the dev@httpd.apache.org and we can see what the full consensus of the entire project is. I'm sure some users would also like to pass ssl key passphrases or user account passwords on the command line, and that should not happen either. This is one of those occasions where user desires fly in stark contrast to users well being. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org