Hi, Julian, > Von: Julian Foad [mailto:julianf...@btopenworld.com] > I was about to commit Ben's suggestion of changing the --password help text > to > > "specify a password ARG (this usually is not secure)" > > as a first step that would be useful on its own regardless whether we do > something more. > > But then I thought about how users (myself included) tend to ignore warnings > that are vague and unqualified: a "don't do that" without explaining the > consequences. Does this apply to my situation?, I would wonder. It might make > them/me pause for a moment, but if there's no easy way to learn why I > shouldn't do X I will probably go ahead and do it. > > So how about: > > "specify a password ARG (insecure: on many systems, > other users can read the command-line arguments)" > > Is that clear enough?
I fully agree with your concerns about vague warnings. But in my eyes, it is also important to point out the alternatives, so that the users have an easy way to use them. (Of course this requires that such alternatives are actually present.) Best regards Markus Schaber CODESYS(r) a trademark of 3S-Smart Software Solutions GmbH Inspiring Automation Solutions 3S-Smart Software Solutions GmbH Dipl.-Inf. Markus Schaber | Product Development Core Technology Memminger Str. 151 | 87439 Kempten | Germany Tel. +49-831-54031-979 | Fax +49-831-54031-50 E-Mail: m.scha...@codesys.com | Web: http://www.codesys.com | CODESYS store: http://store.codesys.com CODESYS forum: http://forum.codesys.com Managing Directors: Dipl.Inf. Dieter Hess, Dipl.Inf. Manfred Werner | Trade register: Kempten HRB 6186 | Tax ID No.: DE 167014915
