obfuscate passwords from the command line #3196

totaam · 2021-07-10T03:41:07Z

Running:

xpra attach ssh://USERNAME:PASSWORD@HOSTNAME/

Shows the password in the process list.
We should detect that a password is present in the sys.args during parsing and flag it so that the clients can then obfuscate it.

The text was updated successfully, but these errors were encountered:

totaam · 2021-07-13T12:49:58Z

This will do.
But don't rely on it

Important caveats for anyone reading this:

we can't hide the password until we get to the point where we are using the command line arguments, which may several seconds or more after the command is executed - anyone reading the process list during that time will still be able to see the password
not all commands are being obfuscated - check if the one you are using is one of those

totaam added enhancement New feature or request network labels Jul 10, 2021

totaam added a commit that referenced this issue Jul 13, 2021

#3196 hide password from uri

28fec4d

totaam added a commit to Xpra-org/gtk-osx-build that referenced this issue Jul 13, 2021

support for hiding passwords: Xpra-org/xpra#3196

a6b4767

totaam closed this as completed Jul 13, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

obfuscate passwords from the command line #3196

obfuscate passwords from the command line #3196

totaam commented Jul 10, 2021

totaam commented Jul 13, 2021

obfuscate passwords from the command line #3196

obfuscate passwords from the command line #3196

Comments

totaam commented Jul 10, 2021

totaam commented Jul 13, 2021