Feature #1570
Improve CLI commands: Add new --user & --password options to replace the one_auth authorization credentials
| Status: | Closed | Start date: | 10/23/2012 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | CLI | |||
| Target version: | Release 4.0 | |||
| Resolution: | fixed | Pull request: |
Related issues
Associated revisions
feature #1570: execute a proc before each command call
feature #1570: execute argument procs after all the arguments are parsed
feature #1570: add support for user, password and endpoint parameters
feature #1570: nothice where the get_password function is copied from
feature #1570: typo in --endpoint help
feature #1570: add user, password and endpoint to oneacct
feature #1570: add user, password and endpoint to oneacct
History
#1
Updated by Javi Fontan over 8 years ago
Add also --endpoint parameter
#2
Updated by jordan pittier over 8 years ago
I believe this is highly insecured.
I, as a random user with access on the Opennebula server or access to a server from which an Opennebula admin can perform OpenNebula admin action (ie using the CLI), can just do in a shell : "while true do; ps aux | grep '--password' >> output; done". Sooner or later I would catch the Opennebula password, right ?
If I am not clear just read this : http://dev.mysql.com/doc/refman/5.1/en/password-security-user.html
#3
Updated by Javi Fontan over 8 years ago
I agree that the use of --password is insecure but I still think it could be handy when done in a non public system. For example, executing a script in your laptop to connect to different frontends and users.
I'll add a warning in the documentation.
#4
Updated by Javi Fontan over 8 years ago
- Status changed from New to Closed
- Resolution set to fixed