Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/06/14 01:24:58 UTC

DO NOT REPLY [Bug 51370] New: htdigest should accept password as a command-line argument

https://issues.apache.org/bugzilla/show_bug.cgi?id=51370

             Bug #: 51370
           Summary: htdigest should accept password as a command-line
                    argument
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: support
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: pmw+apache@qnan.org
    Classification: Unclassified


Created attachment 27154
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=27154
patch to htdigest

Right now, htdigest forces one to enter a password interactively.  There is no
way to provide the password on the command-line.  This is inconvenient for
scripts.

I needed a script to take a list of usernames/passwords as the input and
generate a single 'htpasswd' file with all of them.  I could not find a way (in
Python) to redirect stdin to feed the appropriate password to each invocation
of htdigest.

So, I modified htdigest to accept an optional last argument being the password.
 I understand that this is not preferred due to security concerns (after all,
the password is visible in the process list).  When security is not an issue,
however, such as when I am working on my personal laptop, the most convenient
option is to pass all needed parameters on the command line.

My patch also refactors some code to avoid duplication and keep everything no
less tidy than it was.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
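The reporter's actual need, a script that turns a list of usernames and passwords into a digest file, does not require passing passwords through argv at all. The record htdigest writes is `user:realm:HA1`, where HA1 is the HTTP Digest value MD5("user:realm:password") in hex (RFC 2617), so a script can produce the file itself and keep secrets off the command line, which is the concern raised later in this thread. The following is an added example, not code from the bug report, the attached patch, or httpd: it reads `user:password` lines from stdin (an input format chosen here, not htdigest's), computes each record, and creates the output file with mode 0600. The `Mufasa` entry in the constructed sample input is the RFC 2617 section 3.5 test vector.

```python
"""Generate an Apache htdigest file without putting passwords on the command line.

Added example (not from the bug report or httpd). Credentials are read from
stdin, one "user:password" per line, and the digest file is written directly,
so no password ever appears in argv / the process list.
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Tuple


def ha1(user: str, realm: str, password: str) -> str:
    """HA1 as defined for HTTP Digest (RFC 2617): MD5("user:realm:password"), hex.
    This is exactly what htdigest stores as the third field of each record."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode("utf-8")).hexdigest()


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One htdigest record: user:realm:HA1. ':' is the field separator, so it is
    rejected in user and realm (a ':' in the password is harmless, it is hashed)."""
    if not user:
        raise ValueError("empty user name")
    if ":" in user or ":" in realm:
        raise ValueError("':' may not appear in user or realm")
    return f"{user}:{realm}:{ha1(user, realm, password)}"


def parse_credentials(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Parse 'user:password' lines (split on the first ':' only; blank lines and
    '#' comments are skipped). This input format is this example's own convention."""
    creds: List[Tuple[str, str]] = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed credential line: {line!r}")
        user, password = line.split(":", 1)
        creds.append((user, password))
    return creds


def render_htdigest(realm: str, creds: Iterable[Tuple[str, str]]) -> str:
    """Build the file contents. A user listed twice keeps the last password,
    mirroring htdigest's update-in-place behaviour for an existing user."""
    records: Dict[str, str] = {}
    for user, password in creds:
        records[user] = htdigest_line(user, realm, password)
    return "".join(rec + "\n" for rec in records.values())


def parse_htdigest(text: str) -> Dict[str, Tuple[str, str]]:
    """Read a digest file back as user -> (realm, HA1); used to sanity-check output."""
    out: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        if not line:
            continue
        user, realm, digest = line.split(":", 2)
        out[user] = (realm, digest)
    return out


def write_htdigest(path: str, contents: str) -> None:
    """Create the file with mode 0600 from the start so the hashes are never
    world-readable, not even briefly (relying on umask alone would not guarantee this)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(contents)


# Constructed sample input; the "Mufasa" entry is the RFC 2617 section 3.5 example.
SAMPLE_CREDENTIALS = """\
# user:password
Mufasa:Circle Of Life
alice:correct horse battery staple
"""

if __name__ == "__main__":
    # Usage: python3 gen_htdigest.py REALM OUTFILE < credentials.txt
    # Only the realm and the output path are on the command line.
    realm, outfile = sys.argv[1], sys.argv[2]
    write_htdigest(outfile, render_htdigest(realm, parse_credentials(sys.stdin)))
```

Because the script reads credentials from its own stdin, it composes with any pipeline or generator, which is the scripting use the report describes, and the only files holding secrets are the credential list and the 0600 output.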


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from William A. Rowe Jr. <wr...@apache.org> 2012-02-03 23:23:38 UTC ---
There is no mechanism to protect the contents of the command line from the view
of all local users, which is why passwords on the command line are a
fundamentally broken concept.

Obviously users are welcome to apply such a patch, but shipping such a patch
would be irresponsible.

I'm going to reclose this as invalid because no developers disagreed when they
saw this message pass by their screens.

If you like, propose a "[vote] Allow command line arg passwords" to the
dev@httpd.apache.org and we can see what the full consensus of the entire
project is.

I'm sure some users would also like to pass ssl key passphrases or user account
passwords on the command line, and that should not happen either.  This is one
of those occasions where user desires fly in stark contrast to users' well-being.


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

Philip <pm...@qnan.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.3-HEAD                    |2.2-HEAD


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

--- Comment #5 from Nirgal Vourgère <jm...@nirgal.com> 2012-02-03 19:58:51 UTC ---
This feature is also in Debian wishlist. Full description and a patch are
available at:
http://bugs.debian.org/325547


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> 2011-06-14 02:37:23 UTC ---
Passing arguments on the command line is subject to sniffing by most any
process running locally.  This security flaw will not be introduced.


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

--- Comment #3 from Igor Galić <i....@brainsware.org> 2011-06-14 17:51:02 UTC ---
I don't like this patch.

+/* generate_digest expects a password in the 'pw' argument. If the password
+ * is not known or may be null, use add_password() to collect it from stdin.
+ */

Why not follow the same path as htpasswd and add -b switch?


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

--- Comment #4 from Philip <pm...@qnan.org> 2011-06-14 18:12:23 UTC ---
Igor, thanks for the feedback.  Why don't you like the patch?  The biggest
reason I don't do what 'htpasswd' does is that I haven't ever used 'htpasswd';
I didn't know it accepts passwords on the command line!  I suppose that's the
strongest reason why 'htdigest' should also.

I see why 'htpasswd' requires the '-b' argument -- because the filename is
optional, and '-b' helps to disambiguate.  This is not a problem for
'htdigest', since a file argument is mandatory.  We can unambiguously determine
whether the user provided a password or not.

The bigger picture is that both programs use a non-standard format for
command-line arguments.  I'd expect the "flag or flag-followed-by-parameter"
format, the format supported by Python's getopt library.  If we're willing to
break backward compatibility, I'll happily adapt both programs to use libc's
getopt or similar.  (Is there an APR replacement?)

What do you think?


DO NOT REPLY [Bug 51370] htdigest should accept password as a command-line argument

Philip <pm...@qnan.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |

--- Comment #2 from Philip <pm...@qnan.org> 2011-06-14 17:21:42 UTC ---
I've acknowledged in the original post that passing a password on the command
line is insecure.  However, a good program allows the user to trade convenience
for security.  As I said, in my particular situation, there is no security
issue -- it's a personal laptop and I am the only user logged in.

Some well-known command-line programs *optionally* accept a password on the
command line.  Two off the top of my head: MySQL's official command-line client
(with the -p option) and PostgreSQL's official command-line client (with the
conninfo string).

The intended audience of 'htdigest' is not a soccer mom; it's presumably a
system/web administrator who's using it on a command line of a Unix-based
system.  If they need to use htdigest in a script, we should make it convenient
for them.

How about if I update the usage info and the manpage to indicate that passing a
password on the command line is not recommended for security reasons?
