Skip to content

Dangerous behavior to keep user and password in a command instead of a protected secret file #8

New issue
New issue
Open
Open
Dangerous behavior to keep user and password in a command instead of a protected secret file#8
@sub3stinger

Description

@sub3stinger
sub3stinger
opened on Jul 13, 2020

Since
AUTH="--user=${USERNAME} --password=${PASSWORD}"
will expose the user and password information in the system by ps and in the command history, strongly suggested to rewrite related code by using wgetrc or other ways for downloading the files in the data hubs.
Especially for those large files, the user and password is visible through easy ps ax | grep wget which is very dangerous.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions