PenguinCoder@beehaw.org to Technology@beehaw.orgEnglish · 29 days agoHow I Got Hacked: A Warning about Malicious PoCschocapikk.comexternal-linkmessage-square10linkfedilinkarrow-up144arrow-down10file-text
arrow-up144arrow-down1external-linkHow I Got Hacked: A Warning about Malicious PoCschocapikk.comPenguinCoder@beehaw.org to Technology@beehaw.orgEnglish · 29 days agomessage-square10linkfedilinkfile-text
minus-squareScrath@lemmy.dbzer0.comlinkfedilinkarrow-up5·28 days agoIf you shouldn’t use sensitive information as command line arguments and also avoid environment variables for passwords, how should you pass such data to programs short of setting up a configuration file?
minus-squaretal@lemmy.todaylinkfedilinkEnglisharrow-up4·28 days agoFor the command line, do what OpenSSH does, take passwords on terminals. For environment variables, the issue is passing them to all programs; you don’t want to put credentials in a .bashenv or similar.
If you shouldn’t use sensitive information as command line arguments and also avoid environment variables for passwords, how should you pass such data to programs short of setting up a configuration file?
For the command line, do what OpenSSH does, take passwords on terminals.
For environment variables, the issue is passing them to all programs; you don’t want to put credentials in a
.bashenvor similar.