在命令行中隐藏密码字段
[英]Hiding password field in command line
问题描述
I am writing a system service on FreeBSD where I need to take user credentials to verify identity, something like this: 
我正在FreeBSD上编写系统服务,我需要获取用户凭据来验证身份,如下所示:
./compression_bin -i <input_file> --type=<type> --password=<secret key>
Here, the secret key is used to authenticate user before compressing the given file. 在此,密钥用于在压缩给定文件之前对用户进行身份验证。 Currently, the secret key shows up in history which is bad and can be exploited. 当前,秘密密钥显示在历史记录中,这是不好的并且可以被利用。 Is there a way where above can be invoked without displaying password field: 有没有一种方法可以在不显示密码字段的情况下调用上述方法:
./compression_bin -i <input_file> --type=<type> --password=*********
1 个解决方案
解决方案1
4 已采纳 2019-04-19 19:59:50
The history will always record the text of the commands as they were issued. 历史记录将始终记录发出的命令文本。 You could conceivably go back and modify the history file, but not only is that nasty, it still affords a window within which the password can be read. 可以想象,您可以返回并修改历史记录文件,但不仅如此,它还提供了一个可读取密码的窗口。
Moreover, that's not even the easiest exploit. 而且,这甚至不是最简单的方法。 If the password is given on the command line then there are other ways it can be read while the command is running, such as from the output of the ps command, which is accessible to all users. 如果在命令行上提供了密码,那么在命令运行时还有其他方式可以读取它,例如从ps命令的输出中,所有用户都可以访问。
So don't take the password as a command-line argument. 因此,请勿将密码用作命令行参数。 Read it from a file or from the standard input or from a socket, or some other such thing. 从文件,标准输入,套接字或其他类似的东西中读取它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.