[
https://issues.apache.org/jira/browse/KNOX-519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356933#comment-14356933
]
Larry McCay commented on KNOX-519:
----------------------------------
Hi [~andreina] - thank you for taking on this task.
It looks like you replaced the existing functionality with the prompting of the
password.
While this is clearly more secure, there are cases where the System.console is
not available and usecases where scripting requires the previous behavior for
specifying the password on the commandline. It is something that we should do
our best to avoid but is necessary at times. There are existing scripts and
tools that are using that behavior in use in the field and we can't break them.
My suggestion is that we leave the --value behavior exactly the same.
After the command has line has been fully parsed - if there is no password
value set that we then prompt the user if the System.console is available. If
it is not available we error out.
--value should not be on the command line if we are going to prompt. If it is
on the command line and there is no specified value then it is an user error.
Again, thank you for your contribution here - it will be a useful one.
> [Security] Prompt user to provide password, rather providing as an argument
> to knoxcli cmd
> ------------------------------------------------------------------------------------------
>
> Key: KNOX-519
> URL: https://issues.apache.org/jira/browse/KNOX-519
> Project: Apache Knox
> Issue Type: Bug
> Reporter: J.Andreina
> Attachments: KNOX-519.1.patch
>
>
> Related to KNOX-497
> During creation of alias password is been passed as an argument which can be
> avoided.
> Prompt user to provide password .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
