Open eproxus opened 3 years ago
I have a few TODOs around this area that will at least mitigate this problem a bit I believe. Namely, checking to see if the username/password is right prior to prompting for a local password. What's more prompting the username / password if it comes back wrong.
We along with hex team have discussed moving to a web flow for authenticating vs authenticating with a password. I mention this because my hunch is that the odd paste behavior is around how we handle masking, and also how mix hex handles it as well.
I'm not sure that 2. obviates addressing the issue you've created because I don't know exactly when that will be. I or someone will look into this as soon as possible.
Potentially related (to Bryan's expectations/future changes): when you write the local password it seems to write the character and then hide it. I'm not sure this is possible to change, but if filmed, for example, might be a security risk.
@paulo-ferraz-oliveira yes, precisely. We do this because there are issues with doing it a "better" way. Specifically, you can run into gotchas around IO in subsequent operations and this is the only solution that works on windows.
(we can always tell the user to enter the password while covering it with his/her hands 😄)
@starbelly, newer version of Erlang (thinking 26+, or even 27) already do something in regards to "hiding the password as you type it" better, right?
When running
rebar3 hex user auth
and pasting a password that is longer than the terminal width the password shows up in clear text in the terminal:Even though the prompt shows again, the password is entered correctly and you can proceed.
Environment