On 7/6/14 5:16 AM, Martin Furter wrote:
> Attached is a log message and a patch which adds the new options
> '--password-file' and '--password-envvar'. It also adds Julian's warning to the
> '--password' help text.

I veto (-1) --password-envvar (and Peter's follow-up suggestion of a hard-coded environment variable). As several other people have shown, the environment of a running program is often just as available as the command line arguments. The whole point of this exercise is to improve the security of the manner in which we allow passwords to be provided in order to guide users to make good choices. We're not achieving anything if we only provide them with new insecure choices.