curl-users

Re: Man page should be more specific

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 14 Dec 2007 12:21:36 +0100 (CET)

On Fri, 14 Dec 2007, Denis Bredelet wrote:

> The curl man page looks like it is necessary to specify a password on the
> command-line with the -u option. That is a security risk as someone may be
> spying on what commands are running on the system. In fact, you can just
> give a user name after -u and you will be prompted for a password when curl
> runs.

Good point, no need to file a bug report as I've now extended the man page to
mention this fact.

Oh, and also note that on most operating systems curl will hide the -u option
from process list outputs just to decrease this risk. Still, it doesn't work
all over and prompting is still safer since then the plaintext password is
even showing up on the original command line to allow someone to read it over
your shoulder...

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-12-14
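
The point made in this thread can be checked mechanically. The following is an added example, not part of the original mail and not code from the curl project: a small audit that scans a shell script for curl calls whose `-u`/`--user` argument carries a password and would therefore land in the process argument list. The sample script, hosts, users and passwords are constructed, and combined short flags such as `-su` are not handled.

```python
import shlex

# Constructed sample script; hosts, users and passwords are made up.
SAMPLE = '''\
#!/bin/sh
curl -u alice https://example.test/a      # user name only: curl prompts
curl -u bob:hunter2 https://example.test/b
/usr/bin/curl -s --user "carol:$PASS" https://example.test/c
curl -udave:s3cret https://example.test/d
# curl -u erin:old https://example.test/e
'''

def user_values(tokens):
    """Yield each -u/--user argument that follows a curl token."""
    in_curl = False
    it = iter(tokens)
    for tok in it:
        if tok.startswith("#"):              # rest of the line is a comment
            return
        if tok in ("|", ";", "&&", "||"):    # a new command starts here
            in_curl = False
        elif tok.rsplit("/", 1)[-1] == "curl":
            in_curl = True
        elif in_curl and tok in ("-u", "--user"):
            value = next(it, None)
            if value is not None:
                yield value
        elif in_curl and tok.startswith("-u"):
            yield tok[2:]                    # attached form: -uuser:pass

def find_inline_passwords(script_text):
    """Return [(line_no, user)] for curl calls that put a password in argv."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), 1):
        try:
            tokens = shlex.split(line)
        except ValueError:                   # unbalanced quotes, skip the line
            continue
        for value in user_values(tokens):
            user, sep, password = value.partition(":")
            # A "$PASS" variable is flagged too: it expands into argv at run time.
            if sep and password:
                findings.append((line_no, user))  # never echo the password itself
    return findings

if __name__ == "__main__":
    for line_no, user in find_inline_passwords(SAMPLE):
        print(f"line {line_no}: password for {user!r} is passed on the command line")
```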