wikibase-cli
Passwords are being stored in clear text
Coming from the discussion in #44, we have discovered that credential storage is leaking private credentials where unnecessary. A possibility to circumvent that could be a command switch to launch an interactive REPL to query for the password during runtime, instead of leaving it as plain text in the file system.
Where in https://github.com/maxlath/wikidata-cli/commit/ce7737a12e3764f7421628bb41c5443d33cbaaab we ask ourselves to find a better way to do this, #25 offers a possible implementation route.
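The runtime prompt proposed in this issue, sketched as an added example (not part of the thread and not wikibase-cli code): it reads the password without echoing it and keeps it only in process memory. `promptPassword` and its parameters are hypothetical names.

```javascript
// Added example: ask for a password at runtime instead of reading it from a
// plain-text file. promptPassword is a hypothetical helper, not wikibase-cli code.
const readline = require('readline');
const { Writable } = require('stream');

function promptPassword(promptText, input = process.stdin, output = process.stdout) {
  return new Promise((resolve, reject) => {
    let muted = false;
    let answered = false;
    // readline echoes typed characters to its output stream; route that
    // stream through a gate that is closed once the prompt has been shown.
    const gate = new Writable({
      write(chunk, encoding, callback) {
        if (!muted) output.write(chunk);
        callback();
      },
    });
    const rl = readline.createInterface({
      input,
      output: gate,
      terminal: true, // raw mode on a TTY, so the terminal itself does not echo
      historySize: 0, // keep the secret out of readline's in-memory history
    });
    // Ctrl-C or end of input closes the interface before an answer arrives.
    rl.on('close', () => {
      if (!answered) reject(new Error('password prompt aborted'));
    });
    rl.question(promptText, (answer) => {
      answered = true;
      rl.close();
      output.write('\n'); // the newline typed by the user was muted too
      resolve(answer);
    });
    muted = true; // the prompt is already written; drop everything after it
  });
}

// Usage (interactive): the value exists only in this process's memory.
//   promptPassword('Password: ').then((password) => { /* log in with it */ });
```

The trade-off raised later in the thread still applies: nothing is persisted, so the prompt appears on every session.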
as I see it:
- OAuth would be an improvement as it would lower the power of the credentials we have to handle, but we would still have credentials supposedly secret to handle
- this handling can hardly be done without persisting those credentials to the file system, the alternative proposition to request the password at every session being, in my opinion, not an acceptable solution: as a user, I want to deal with setting up my credentials once and forget about it
- a possible workaround would be to rely on the system password management system (using a module like keytar maybe?), but that would probably require running the program in sudo mode at some point
OAuth authentication is now possible (and recommended!) in wikibase-cli >= v8
\o/
see config documentation