[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] duply shows sensitive data in process listing
From: |
Scott Hannahs |
Subject: |
Re: [Duplicity-talk] duply shows sensitive data in process listing |
Date: |
Tue, 5 Jan 2010 21:51:54 -0500 |
can't the application immediately copy the argv list to a temporary array and
overwrite the command line arguments. This way they do not show up in the
process status command unless one gets a process status in the few milliseconds
between launch and command line processing begins.
-sth
On Jan 5, 2010, at 2:52 PM, Kenneth Loafman wrote:
> Yes to both. I'm thinking something like URL_PASSWORD/URL_USERNAME
> could be used, but we'd be better off doing away with environment vars
> anyway, and use something like a .duplicity_rc file for the defaults and
> credentials.
>
> ...Ken
>
> address@hidden wrote:
>> I will modify duply accordingly. Still:
>>
>> a) Wouldn't it make sense to do the same for the username?
>> b) Also, shouldn't the FTP_PASSWORD be made deprecated and a env var
>> called URL_PASSWORD or BACKEND_PASSWORD be introduced if the variable
>> works for all backends?
>>
>> .. ede
>>
>>
>> On 04.01.2010 13:17, Kenneth Loafman wrote:
>>> address@hidden wrote:
>>>> But what about the others? .. ede
>>>
>>> All of the protocols except S3 should take the password from the
>>> environment variable FTP_PASSWORD, however, if the user specifies it in
>>> the URL, I don't know a way to obscure it from ps and friends.
- [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Tim Riemenschneider, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Kenneth Loafman, 2010/01/04
- Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/05
- Re: [Duplicity-talk] duply shows sensitive data in process listing, Kenneth Loafman, 2010/01/05
- Re: [Duplicity-talk] duply shows sensitive data in process listing,
Scott Hannahs <=
- Re: [Duplicity-talk] duply shows sensitive data in process listing, edgar . soldin, 2010/01/06
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, Evan Jeffrey, 2010/01/28
- Re: [Duplicity-talk] duply shows sensitive data in process listing / ftp passwords are not escaped, duplicity crashes, edgar . soldin, 2010/01/28