Comment 3 for bug 741788

Revision history for this message
Jason Stephenson (jstephenson) wrote :

I can say that passwords do not get masked in process listings. This is why the man page of almost every program that allows a user to enter a password on the command line suggest that you don't do that.

One an Evergreen server, this should be less of a concern given adequate firewall protection. Hopefully, you are not allowing other users to log in to the same machine and run their own processes. In a hosted environment, though, the user may not have enough control of the system to guarantee the privacy of command line options. There is always a trade off between security and convenience.