Labels: Type-Defect Priority-Medium
New issue 1560 by nahor.j: post-review: password should be configurable via
a config file instead of the command line
What version are you running?
Please provide any additional information below.
When using the --password parameter, the password for that user is visible
to everybody on the machine (e.g. with "ps ax" on Linux).
One should be able to set the password in a configuration file, which then
can be configured to be readable only by the user running post-review. That
way there is no password leak.
I put that as a defect because it can be a big security leak, especially
when post-review is run by an automated tool like a post-commit hook. In
this setup, post-review needs to have access to the whole
repository/repositories on the server so if a user can get hold of this
password, he can circumvent any read limitation in the SCM.
This bug can be mitigated with the cookie (but then it means that every
year, the admin must remember to renew it).
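
The behaviour requested in this report, as an added sketch that is not part of the original issue or of post-review's own code: a loader that reads the password from a file and refuses it unless the file is a regular file owned by the current user with no group or world permissions. The file name, the `key = value` format and the names `load_password` and `InsecureConfigError` are assumptions made for illustration; the sample file is constructed, and the checks assume a POSIX system.

```python
import os
import stat
import tempfile


class InsecureConfigError(Exception):
    """Raised when the password file is accessible to other users."""


def load_password(path):
    """Return the password stored in `path`, refusing files other users can access."""
    # Open first, then fstat the descriptor, so the checks apply to the file
    # actually read (no check-then-open race). O_NOFOLLOW rejects symlinks.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureConfigError("%s is not a regular file" % path)
        if st.st_uid != os.geteuid():
            raise InsecureConfigError("%s is not owned by the current user" % path)
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureConfigError(
                "%s has mode %o, expected 0600" % (path, stat.S_IMODE(st.st_mode)))
        with os.fdopen(fd, "r") as f:
            fd = None  # the file object now owns and closes the descriptor
            for line in f:
                key, sep, value = line.partition("=")
                if sep and key.strip() == "password":
                    return value.strip()
    finally:
        if fd is not None:
            os.close(fd)
    raise KeyError("no 'password' entry in %s" % path)


def demo():
    """Write a constructed config file and load it under two different modes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "post-review.conf")  # hypothetical file name
        with open(path, "w") as f:
            f.write("username = hookuser\npassword = constructed-secret\n")
        os.chmod(path, 0o644)  # world-readable: must be rejected
        try:
            load_password(path)
            rejected = False
        except InsecureConfigError:
            rejected = True
        os.chmod(path, 0o600)  # owner-only: accepted
        return rejected, load_password(path)
```

Because the secret never appears in the process arguments, a process listing such as "ps ax" shows only the path to the file, and the mode check keeps a loosened permission from silently re-exposing it.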