Sean,
I'm already prompting the user for a password using password_prompt.
The issue isn't showing the password when the user _enters_ it, the
issue is that the password shows up in the capistrano log when the
command is executed.
i.e.
>> pass = Capistrano::CLI.password_prompt('secret password:')
>> run "mysql -p #{pass}"
secret password:
{USER ENTERS FOO}
* executing "mysql -p FOO" <--- there it is in plaintext!
I'm wondering how capistrano manages to get around this for sudo
passwords, which look like:
* executing "sudo -p 'sudo password: ' some_command" <--- obfuscated
On Apr 1, 6:18 am, Sean Cribbs <[EMAIL PROTECTED]> wrote:
> Andrew,
>
> The -p option on sudo provides the prompt for the password, not the
> actual password. This helps Capistrano tell when sudo is prompting for
> a password. If you don't want the password to be echoed to the screen,
> require the cap user to type in the password on starting your recipe or
> when necessary to execute any given command.
>
> Sean Cribbs
>
> Andrew McClain wrote:
> > There are a couple of times in my deploy scripts where I need to ask
> > for passwords; However, in the cap log output, I see those passwords
> > in plain text.
>
> > I've been poking around the code to see how Cap displays " * executing
> > "sudo -p 'sudo password: '...", and all I can find is the sudo_prompt
> > method which looks like it displays the obfuscated 'sudo password: '
> > when it can't find the :sudo_prompt symbol...
>
> > Can anyone explain how this mechanism works? Or, an alternate method
> > from preventing my password from showing up in my terminal history?
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
