Re: [Duplicity-talk] duply shows sensitive data in process listing

[Scott Hannahs]

can't the application immediately copy the argv list to a temporary array and 
overwrite the command line arguments.  This way they do not show up in the 
process status command unless one gets a process status in the few milliseconds 
between launch and command line processing begins.

-sth

On Jan 5, 2010, at 2:52 PM, Kenneth Loafman wrote:

> Yes to both.  I'm thinking something like URL_PASSWORD/URL_USERNAME
> could be used, but we'd be better off doing away with environment vars
> anyway, and use something like a .duplicity_rc file for the defaults and
> credentials.
> 
> ...Ken
> 
> address@hidden wrote:
>> I will modify duply accordingly. Still:
>> 
>> a) Wouldn't it make sense to do the same for the username?
>> b) Also, shouldn't the FTP_PASSWORD be made deprecated and a env var
>> called URL_PASSWORD or BACKEND_PASSWORD be introduced if the variable
>> works for all backends?
>> 
>> .. ede
>> 
>> 
>> On 04.01.2010 13:17, Kenneth Loafman wrote:
>>> address@hidden wrote:
>>>> But what about the others? .. ede
>>> 
>>> All of the protocols except S3 should take the password from the
>>> environment variable FTP_PASSWORD, however, if the user specifies it in
>>> the URL, I don't know a way to obscure it from ps and friends.