-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password as arguments accessible via shell history #33
Comments
I like the idea of restricting those password flags only when running this under the non-interaction option. This would have to be well documented. |
We can't restrict We can restrict |
As discussed with ToB, this isn't an issue that needs any specific action. We could tie the use of |
Forward from:
The 2020 Audit of staking-deposit-cli mentioned not allowing users to use command line arguments to specify passwords. Doing so would make the password accessible through the bash history.
A potential solution is to remove the option for mnemonic password and keystore passwords are input arguments and only allow them as inputs when running the CLI unless the user is executing with non-interactive enabled.
The text was updated successfully, but these errors were encountered: