On 08.06.2012 14:45, Eugene Crosser wrote: > No, if it's empty duplicity will prompt for it. Which is exactly the > problem that needs fixing. >
actually this would need a different bug report as it is not covered by "duplicity shows sensitive data in process listing" also i am not sure this is worth the trouble as setting an env var is essentially as safe as using .netrc on most platforms providing the script/crontab where it's set in has correct files system permissions to be protected. a. could you open a new bug please? b. suggest in the new topic a way to solve this from your point of view? keep in mind that duplicity is supposed to be usable interactively as well (restoring on a new machine etc.), so the password prompt generally makes sense. how about checking for existence of FTP_PASSWORD and prompt if it's not defined? ..ede/duply.net -- You received this bug notification because you are a member of duplicity-team, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/504423 Title: duplicity shows sensitive data in process listing Status in Duplicity - Bandwidth Efficient Encrypted Backup: Confirmed Bug description: If credentials are given in the command line url parameter these show up in 'ps' e.g. /usr/bin/duplicity --verbosity 4 --encrypt-key FD3846C2 --sign-key FD3846C2 --gpg-options= --exclude-globbing-filelist /root/.duply/bkp/exclude /backup/ ftp://<user>:<PASSWORT>@<backupserver>/backup suggestion is to introduce env vars URL_PASSWORD/URL_USERNAME and to keep FTP_PASSWORD for ftp backend only and backward compatibility. The fact that FTP_PASSWORD can be used with nearly all backend is afaik not documented. Even so duply 1.5.1.4+ will use it until this bug is resolved. for the future a config file based auth as mentioned in http://lists.gnu.org/archive/html/duplicity-talk/2010-01/msg00032.html could make sense. .. ede To manage notifications about this bug go to: https://bugs.launchpad.net/duplicity/+bug/504423/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~duplicity-team Post to : duplicity-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~duplicity-team More help : https://help.launchpad.net/ListHelp
