https://issues.apache.org/bugzilla/show_bug.cgi?id=51370
Philip <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #2 from Philip <[email protected]> 2011-06-14 17:21:42 UTC --- I've acknowledged in the original post that passing a password on the command line is insecure. However, a good program allows the user to trade convenience for security. As I said, in my particular situation, there is no security issue -- it's a personal laptop and I am the only user logged in. Some well-known command-line programs *optionally* accept a password on the command line. Two off the top of my head: MySQL's official command-line client (with the -p option) and PostgreSQL's official command-line client (with the conninfo string). The intended audience of 'htdigest' is not a soccer mom; it's presumably a system/web administrator who's using it on a command line of a Unix-based system. If they need to use htdigest in a script, we should make it convenient for them. How about if I update the usage info and the manpage to indicate that passing a password on the command line is not recommended for security reasons? -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
