You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The 2020 Audit of staking-deposit-cli mentioned not allowing users to use command line arguments to specify passwords. Doing so would make the password accessible through the bash history.
A potential solution is to remove the option for mnemonic password and keystore passwords are input arguments and only allow them as inputs when running the CLI unless the user is executing with non-interactive enabled.
The text was updated successfully, but these errors were encountered:
We can't restrict --mnemonic_password, as that's the only way a user can input it. That user may not want to run --non_interactive. This is a niche use however, extremely so.
Forward from:
The 2020 Audit of staking-deposit-cli mentioned not allowing users to use command line arguments to specify passwords. Doing so would make the password accessible through the bash history.
A potential solution is to remove the option for mnemonic password and keystore passwords are input arguments and only allow them as inputs when running the CLI unless the user is executing with non-interactive enabled.
The text was updated successfully, but these errors were encountered: