[Spice-devel] spice-client: "-w password" (on the command line) is a security risk
Rob Browning
rlb at defaultvalue.org
Sun Apr 7 19:16:49 PDT 2013
(If possible, please preserve the 704229-forwarded address in any replies.)
I reported the following bug to the Debian bug tracker, but realized it
should probably just be forwarded upstream.
Rob Browning <rlb at defaultvalue.org> writes:
> Package: spice-client
> Version: 0.11.0-1
>
> I think the spice client should probably support some other way of
> specifying the password since putting it on the command line makes it
> visible to any other users on the system.
>
> A reasonable alternative might be "--password-file foo".
(cf. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704229)
Thanks
--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
More information about the Spice-devel
mailing list