diff options
author | Ryan Lue <hello@ryanlue.com> | 2022-06-30 23:04:35 -0700 |
---|---|---|
committer | Lukas Fleischer <lfleischer@calcurse.org> | 2023-04-11 15:22:03 -0400 |
commit | e772c4b6d52627c463e70b4284e3794aa0bd0634 (patch) | |
tree | ea1962c737cac208ab8c8b034bde22b8cc3e32d1 /%25253fid%25253de772c4b6d52627c463e70b4284e3794aa0bd0634%253fid%253de772c4b6d52627c463e70b4284e3794aa0bd0634%3fid%3de772c4b6d52627c463e70b4284e3794aa0bd0634?id=e772c4b6d52627c463e70b4284e3794aa0bd0634 | |
parent | 4cd300f2c408907b4a576b55fc15479afbd5d81f (diff) |
calcurse-caldav: Support PasswordCommand option
This commit adds a new `Auth/PasswordCommand` option
to support security best practices re: handling secrets
in CLI program configuration.
Prior to this commit, the two available options
for specifying a password were:
1. via the `Auth/Password` config parameter, or
2. via a `$CALCURSE_CALDAV_PASSWORD` environment variable.
The former is unsafe for obvious reasons;
the latter is unsafe because as long as the script is running,
its environment can be accessed via
$ cat /proc/<pid>/environ
and is thus visible to anyone with access to the system.
This commit preserves preexisting behavior (for backward compatibility)
but removes all mention of option 2 from the README.
Since the README example for option 2 used a password command anyway,
there is little reason to continue its use,
and this commit recommends it be deprecated.
Signed-off-by: Lukas Fleischer <lfleischer@calcurse.org>
Diffstat (limited to '%25253fid%25253de772c4b6d52627c463e70b4284e3794aa0bd0634%253fid%253de772c4b6d52627c463e70b4284e3794aa0bd0634%3fid%3de772c4b6d52627c463e70b4284e3794aa0bd0634?id=e772c4b6d52627c463e70b4284e3794aa0bd0634')
0 files changed, 0 insertions, 0 deletions