FTP username and password must be written on command line (security hazard)
Bug #34685 reported by
Michal Krenek (Mikos)
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Fix Released
|
Medium
|
Unassigned |
Bug Description
If I want to use for 'push' command with FTP, I must specify username and password on command line, for example:
bzr push ftp://username:<email address hidden>
This is really bad behaviour and security hazard (password can be for example seen in BASH history), there should be dialog for username and password if it is not specified on command line.
There is already method ui_factory.
description: | updated |
To post a comment you must log in.
I think this is really critical bug (because of security hazard), so I have rised severity to "Critical" and priority to "High", I hope it will be corrected in version 0.8.
If this is not right practice, then I am sorry and you can correct severity/priority to right value.