Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nexus-cli should be able to prompt for password , if not supplied through config or from override #117

Open
vgshine opened this issue Dec 30, 2015 · 0 comments
Open

nexus-cli should be able to prompt for password , if not supplied through config or from override #117

vgshine opened this issue Dec 30, 2015 · 0 comments

Comments

@vgshine
Copy link

vgshine commented Dec 30, 2015

In the current scenario we have 2 ways to authenticate to server , either it should be supplied in plain text through config file , or user supply it through overrides options. if we doesn't supply it either way it raise an exception.

In both of these cases we are passing the password in plain text , As per our requirement we need to address this security gap and would prompt the password and mask it so it can be passed through secure channel .

As a proposed solution I believe that we can include this password prompt change in Configuration Class file which would have a logic for both the cases , overrides as well as for the config file.
This would prevent supplying password in the plain text for authentication.

Also one more change that would be needed in remote_factory to supply the correct override for pro_remote and oss_remote , so updated overrides Hash needs to be supplied for password to prompt only once.

att_reader: overrides

@overrides = overrides.merge!(configuration)

Github
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vgshine