In article <CAGqmV7quYp1k-LM=GXnwOgSUpUEfnWZPWc6z=smuhbidyff...@mail.gmail.com> coolthec...@gmail.com writes: > As I see it, at the end of the day, cleartext password / token / > ssh-key would be saved anyway, if you need to have it to work in an > automated way. > Most convenient for me would be having: > a) --pasword-file=... command option > b) SVN_PASSWORD environment variable > > both of them should not be hard to implement and both provide access > to current and/or root user, compared to current implementation, when > running "ps aux" to reveal --password=... param executed by any user > (this param could be at least googled fast and majority of people > won't go deep into crafting simple auth file themselves).
Environment variables passed by a parent can be seen by others, too. Some implementation of ps(1) utility has an option to display it. Also, procfs on Linux provide /proc/$pid/environ. I don't think there is a safe way that a process kicked by cron can get credentials but other processes which have same privilage can't get them. Cheers, -- Yasuhito FUTATSUKI <futat...@yf.bsdclub.org>
