passwords as java system properties #44

Open
jgeraerts opened this issue Dec 21, 2015 · 1 comment

@jgeraerts

Environ allows you to override settings as Java system properties, which in itself can come in very handy. But security-wise it might not be the best idea. A non-privileged user on a shared system can see, for example, all arguments that were given to a certain program. So if passwords are passed this way, one can see all arguments with a simple ps command.

I suggest that at least the documentation warn about this.

Environ can even add some regexes to the keywords so it can warn if something "passwordish" is passed as a Java system property.

@weavejester
Owner

I don't want to add anything to the code about this, as trying to guess whether a user has done something dangerous is not going to be reliable.

However, a small note in the README sounds fine.
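
An added example, not part of the issue thread or of environ's code: a heuristic audit an operator can run on a Linux host to list JVM processes whose command line carries a password-like `-D` property, which is the exposure the issue describes. The key-name regex, the function names and the sample command line are assumptions made for illustration; name matching will miss some secrets and over-flag some harmless properties.

```python
import os
import re

# Assumed heuristic: property names that look like credentials.
SENSITIVE_KEY = re.compile(
    r"(passw(or)?d|passphrase|secret|token|api[-_.]?key|credential)", re.I)


def sensitive_props(argv):
    """Return the names of -Dkey=value arguments whose key looks like a secret.

    Every argument is visible in the process list, so all of argv is scanned.
    Values are never returned, which keeps the audit output free of secrets.
    """
    found = []
    for arg in argv:
        if not arg.startswith("-D") or "=" not in arg:
            continue
        key, value = arg[2:].split("=", 1)
        if value and SENSITIVE_KEY.search(key):
            found.append(key)
    return found


def parse_cmdline(raw):
    """Split the NUL-separated bytes of /proc/<pid>/cmdline into arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def audit_proc(proc_root="/proc"):
    """Map pid -> flagged property names for every readable process (Linux)."""
    report = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                keys = sensitive_props(parse_cmdline(fh.read()))
        except OSError:
            continue  # process exited or is not readable
        if keys:
            report[int(entry)] = keys
    return report


# Constructed sample: cmdline bytes of a JVM started with a password property.
SAMPLE = (b"java\0-Ddatabase.url=jdbc:postgresql://db/app\0"
          b"-Ddatabase.password=example-only\0-jar\0app.jar\0")

if __name__ == "__main__":
    for pid, keys in sorted(audit_proc().items()):
        print(pid, ",".join(keys))
```

Any process this reports should receive the setting through a channel that does not appear in the argument list, such as a configuration file with restricted permissions.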
