Enhance Security: Hide Password Input in CLI Login Command #13
Labels
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
Comments
SevanBadal
added
enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the
boxlogin and register command requires users to input their email and password in a single line (box login <email> <password>). This approach exposes the password in plaintext, which is a security risk. It can be seen in command line history, process lists, and potentially logs, making it vulnerable to unauthorized access.Proposed Change:
Refactor the box login command to enhance security:
Change Command Structure: Modify the box login command to only require the email as an initial input (
box login <email>).Prompt for Password: After the email is entered, the CLI should prompt the user to enter their password. This prompt should not echo the password back to the screen to ensure it remains hidden.
The text was updated successfully, but these errors were encountered: