Remove the key.password option
#19
Assignees
Comments
|
@lennylessizmor Thank you so much for this idea, that is valid for the UE improvement. I will plan to have it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Passing account keyfile passwords as command line options is poor security practice. And while it is true that a user can avoid this by storing the pwd in an environment variable (eg
key.password=$(ORACLE_PWD)), the readme and--helpdocument the poor practice of passing plain text pwds on the command line.I recommend removing
key.passwordand have theautoraclelook for the password in a specific environment variable. If no such variable is found, prompt user for the pwd at runtime (using a terminal library that doesn't echo the user input).The text was updated successfully, but these errors were encountered: