Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't use command flags for submitting password #140

Closed
RadhiFadlillah opened this issue Sep 28, 2018 · 1 comment
Closed

Don't use command flags for submitting password #140

RadhiFadlillah opened this issue Sep 28, 2018 · 1 comment
Labels
enhancement next release We will include this in the next releaase

Comments

@RadhiFadlillah
Copy link

RadhiFadlillah commented Sep 28, 2018
edited
Loading

As version 1.0.1, to create new user we have to run :

fathom register --email="john@email.com" --password="strong-password"

And according to wiki, in latest development version we have to run :

fathom user add --email="john@email.com" --password="strong-password"

This is bad because in Unix it will leave trace in .bash_history. Not to mention because the password is submitted in clear text, people that stand behind our shoulder can look and read it easily.

To fix this, you can use ReadPassword() method in package terminal. This method will accept input from the user (like fmt.Scanln) without echoing it back.

Since this is simple enough to do, I've created the PR.
@RadhiFadlillah RadhiFadlillah mentioned this issue Sep 28, 2018
Closed
@JackEllis JackEllis added the next release We will include this in the next releaase label Mar 17, 2019
@JackEllis
Copy link
Collaborator

@RadhiFadlillah Thanks for this, we'll review the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement next release We will include this in the next releaase
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JackEllis @dannyvankooten @RadhiFadlillah