Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think what OP meant was closer to "if it could have been entered into the bash history than there's other ways it could be seen".

Most CLI programs that need sensetive information as input should either do it interactively (a la sudo), as standard input, or configuration file. If worst comes to very worst, you can put the sensitive info in a text file and use backticks. For example:

  some-command --username=jedimastert --password=`cat secret.txt`


> some-command --username=jedimastert --password=`cat secret.txt`

This will not work in the way that you suggest. The output of ps will show the result of `cat secret.txt` and thus reveal the password.


Would it? Poo. That's my bad.


How would backticks help with hiding it from ps?


I thought that's how it would show up in ps. Apparently I was incorrect. :(




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: