On Dec 11, 2015, at 2:59 AM, Daniel Dumitriu <daniel.dumit...@gmail.com> wrote:

> the documentation (e.g. fossil clone) mentions this
> possibility for ssh URLs ([userid[:password]@]host), so in my opinion
> either fossil passes the password further to plink

Interesting. It has a -pw flag for this. (That is, “interesting” in the ancient Chinese curse sense.)

> (it cannot do this on
> Linux to ssh, since that one has no password argument)

Yes, on purpose. Standard Linux distros allow any user to snoop on the command line arguments to any other user’s process. A password argument will also get logged in your shell’s history file, in the sudo log, etc.

Password flags are a horrible idea if you care about security, which presumably you *do* if you’re using SSH. (Else, just use HTTP, no “S”.)

That is all just as true on Windows: the process table is walkable by normal user processes (e.g. Task Manager), PowerShell and the Cygwin shells keep a command history, etc. Therefore, the use of plink -pw is highly suspect on Windows.

Why can’t you just use SSH keys? The wish for automated login without leaking passwords is exactly the problem they solve. (And they solve additional problems, like the relatively low entropy of most user passwords.)

> remove this altogether from documentation.

Agreed.

> Side note: as for the security risk, I agree in principle, but since the
> user has already decided to type in his password on fossil's command
> line, the evil is there and passing it to plink makes it no worse.

A password interactively typed into ssh/plink is as secure as the box it’s running on. That is to say, the password is secure as long as the box doesn’t have a keylogger running on it, or a rogue admin-level process that uses the OS’s debugging hooks to snoop plink’s RAM, or…

And if you do have such a process running on your system, you’ve already lost control of your data, so the time to worry about security has passed.

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
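As an added example (not from this thread, nor Fossil's or PuTTY's code), a small Linux audit script showing why the reply above treats command-line passwords as public: it reads other processes' argument vectors from /proc exactly as any unprivileged local user can, and flags the two patterns the thread mentions, a plink-style -pw flag and a user:password@host URL. The `--password` flag name, the sh child process and the fake password are constructed for the demonstration.

```python
import os
import re
import subprocess
import time

# Flags that take a secret as the next argument: -pw is plink's (from the thread);
# --password is added here as a common generic form.
SECRET_FLAGS = {"-pw", "--password"}
# Credentials embedded in a URL, e.g. ssh://user:secret@host (the fossil clone form).
URL_CRED_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://)?[^/@:\s]+:([^@/\s]+)@")

def find_exposed_secrets(argv):
    """Return (reason, secret) pairs for every secret visible in one argv,
    given as ps or /proc/<pid>/cmdline shows it to any other local user."""
    found = []
    for i, arg in enumerate(argv):
        if arg in SECRET_FLAGS and i + 1 < len(argv):
            found.append((f"{arg} flag", argv[i + 1]))
        m = URL_CRED_RE.match(arg)
        if m:
            found.append(("credentials in URL", m.group(1)))
    return found

def read_cmdline(pid):
    """Read /proc/<pid>/cmdline as an unprivileged user can (Linux only)."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]

def scan_all_processes():
    """Audit every readable process on the host; returns {pid: [(reason, secret)]}."""
    hits = {}
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                secrets = find_exposed_secrets(read_cmdline(int(name)))
            except OSError:
                continue  # process exited or its cmdline is not readable
            if secrets:
                hits[int(name)] = secrets
    return hits

if __name__ == "__main__":
    # Start a harmless child whose argv carries a CONSTRUCTED fake password the
    # way plink -pw would; sh ignores the extra words after its -c script.
    child = subprocess.Popen(["sh", "-c", "sleep 3", "plink", "-pw", "hunter2-FAKE"])
    time.sleep(0.2)
    print("visible from outside the process:", find_exposed_secrets(read_cmdline(child.pid)))
    print("host-wide audit:", scan_all_processes())
    child.terminate()
```

The stand-alone demonstration needs Linux /proc; `find_exposed_secrets` itself runs unchanged over process argv collected by any logging or EDR pipeline.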