mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 23:23:02 +01:00
firebird-mirror/doc/README.read_password_from_file

Issue:
======
All command-line utilities that support the -password parameter are
vulnerable to password sniffing, especially when they are run from
scripts. Since 2.1, all Firebird utilities replace argv[PASSWORD]
with *, but a better way to hide the password from others in the
process list is to read it from a file or to ask for it on
stdin.

Scope:
======
Security issue.

Document author:
=================
Alex Peshkov (peshkoff@mail.ru)

Document date: 2008-11-30
==============

All utilities have a new switch
    -fetch_password
which may be abbreviated according to each utility's rules.
The switch has a required parameter: the name of a file containing the
password. For example:
    isql -user sysdba -fet passfile server:employee
will load the password from the file "passfile", using its first line
as the password.
One can specify "stdin" as the file name to have the password read
from stdin. If stdin is a terminal, the prompt:
    Enter password:
will be printed.
For POSIX users: if you specify '-fetch /dev/tty' you will also
be prompted. This may be useful if you need to restore from stdin:
    bunzip2 -c emp.fbk.bz2 | gbak -c stdin /db/new.fdb -user sysdba -fetch /dev/tty
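
Reading the password from a file moves the secret from the process list
to the file system, so the file itself has to be protected. The shell
helpers below are an added example, not part of Firebird or of the
original document; the function names (make_passfile, passfile_ok,
fb_run) and the owner-only permission policy are assumptions of this
example.

```shell
#!/bin/sh
# Added example: helpers around the -fetch_password switch.
# Names and policy here are assumptions of the example, not Firebird's own.

# Create password file $1, readable only by the current user.
# The password is read from stdin, so it never appears in any argv
# (printf is a shell builtin, no child process is started for it).
make_passfile() {
    (
        umask 077                     # file is created with mode 0600
        set -C                        # noclobber: fail if $1 already exists
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$1"    # utilities use the first line only
    )
}

# Succeed only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits, and whose first
# line is not empty.
passfile_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    set -- $(ls -ldn -- "$f")         # $1 = mode string, $3 = numeric owner
    case $1 in
        -???------*) ;;               # e.g. -rw------- or -r--------
        *) return 1 ;;
    esac
    [ "$3" = "$(id -u)" ] || return 1
    [ -n "$(head -n 1 < "$f")" ]
}

# Run a utility with -fetch_password only if the file passes the check.
# Usage: fb_run passfile isql -user sysdba server:employee
fb_run() {
    pf=$1; shift
    passfile_ok "$pf" || { echo "refusing unsafe password file: $pf" >&2; return 1; }
    tool=$1; shift
    "$tool" -fetch_password "$pf" "$@"
}
```

Create the file once with make_passfile, typing the password at the
terminal or piping it in, then call the utilities through fb_run from
scripts.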