Opened 6 years ago
Last modified 4 years ago
#3551 new enhancement
Please use env vars instead of cmd line parameters for credentials
| Reported by: | frankie | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 7.8.3 |
| Component: | Addons | Version: | unspecified |
| Keywords: | r.in.srtm.region | Cc: | |
| CPU: | Unspecified | Platform: | Unspecified |
Description
Note that username and password are visible to all users by using simple commands which list running processes. That is not a good thing o do, it would be better using a pair of environment variables instead.
Change History (6)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Ops, sorry I missed the module, which is an addon: r.in.srtm.region (and eventually r.in.srtm when updated for use of credentials).
comment:3 by , 6 years ago
It's not that easy. Setting env variables for Windows users is not so common as for *nix'ers. IMHO a correct solution would be to accept both – env variables and command line parameters + add an explanation in documentation. Thus on typical single user Windows boxes nothing would change, but multiuser *nix users will be able to not expose their credentials by using env vars.
comment:4 by , 6 years ago
| Component: | Default → Addons |
|---|---|
| Keywords: | r.in.srtm.region added |
| Type: | defect → enhancement |
Suggestion: The best way might be to use a password file. A standard approach for this is used by e.g. i.modis:
See "netrc" related code here:
Note: Credentials are obtained from such a .netrc file also by wget, ftp and other software.
comment:6 by , 4 years ago
| Milestone: | → 7.8.3 |
|---|
Please indicate to which processes you refer to, thanks (ideally, also add as keyword(s)).