Feature #1570

Improve CLI commands: Add new --user & --password options to replace the one_auth authorization credentials

Added by Carlos Martín over 8 years ago. Updated over 8 years ago.

Status:ClosedStart date:10/23/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:CLI
Target version:Release 4.0
Resolution:fixed Pull request:

Related issues

Related to Feature #1353: Improve CLI commands Closed 07/12/2012
Related to Feature #1640: Improve CLI commands Closed

Associated revisions

Revision ba8fb4ab
Added by Javi Fontan over 8 years ago

feature #1570: execute a proc before each command call

Revision cec5c8aa
Added by Javi Fontan over 8 years ago

feature #1570: execute argument procs after all the arguments are parsed

Revision b97ef1d2
Added by Javi Fontan over 8 years ago

feature #1570: add support for user, password and endpoint parameters

Revision b9d7067a
Added by Javi Fontan over 8 years ago

feature #1570: nothice where the get_password function is copied from

Revision b3e9c1c1
Added by Javi Fontan over 8 years ago

feature #1570: typo in --endpoint help

Revision bf5a3a76
Added by Javi Fontan over 8 years ago

feature #1570: add user, password and endpoint to oneacct

Revision eb9a54a9
Added by Javi Fontan over 8 years ago

feature #1570: add user, password and endpoint to oneacct

History

#1 Updated by Javi Fontan over 8 years ago

Add also --endpoint parameter

#2 Updated by jordan pittier over 8 years ago

I believe this is highly insecured.

I, as a random user with access on the Opennebula server or access to a server from which an Opennebula admin can perform OpenNebula admin action (ie using the CLI), can just do in a shell : "while true do; ps aux | grep '--password' >> output; done". Sooner or later I would catch the Opennebula password, right ?

If I am not clear just read this : http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html

#3 Updated by Javi Fontan over 8 years ago

I agree that the use of --password is insecure but I still think it could be handy when done in a non public system. For example, executing a script in your laptop to connect to different frontends and users.

I'll add a warning in the documentation.

#4 Updated by Javi Fontan over 8 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Also available in: Atom PDF