eth-educators / ethstaker-deposit-cli

Secure key generation for deposits
https://eth-educators.github.io/ethstaker-deposit-cli/
Creative Commons Zero v1.0 Universal

Password as arguments accessible via shell history #33

Open valefar-on-discord opened 5 months ago

valefar-on-discord commented 5 months ago

Forward from:

The 2020 Audit of staking-deposit-cli mentioned not allowing users to use command line arguments to specify passwords. Doing so would make the password accessible through the bash history.

A potential solution is to remove the option for mnemonic password and keystore passwords as input arguments and only allow them as inputs when running the CLI, unless the user is executing with non-interactive enabled.

remyroy commented 3 months ago

I like the idea of restricting those password flags only when running this under the non-interaction option. This would have to be well documented.

yorickdowne commented 2 weeks ago

We can't restrict --mnemonic_password, as that's the only way a user can input it. That user may not want to run --non_interactive. This is a niche use, however, extremely so.

We can restrict --keystore_password.
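
A sketch of the restriction discussed in this thread, as an added example that is not the project's code: `--keystore_password` is accepted on the command line only together with `--non_interactive`, and is otherwise read from a hidden prompt. It uses the standard library's `argparse` and `getpass` with a flat option layout; the program name, `PasswordFlagError` and `resolve_keystore_password` are hypothetical, and requiring the flag in non-interactive mode is an assumption.

```python
import argparse
import getpass
import sys


class PasswordFlagError(ValueError):
    """Raised when a password flag is used in a mode that does not allow it."""


def build_parser() -> argparse.ArgumentParser:
    # allow_abbrev=False so a shortened spelling of the flag cannot slip past the check.
    parser = argparse.ArgumentParser(prog="deposit-sketch", allow_abbrev=False)
    parser.add_argument("--non_interactive", action="store_true")
    parser.add_argument("--keystore_password", default=None)
    # Left unrestricted, following the last comment in the thread.
    parser.add_argument("--mnemonic_password", default="")
    return parser


def resolve_keystore_password(argv, prompt=getpass.getpass) -> str:
    """Return the keystore password, taking it from argv only in non-interactive mode."""
    args = build_parser().parse_args(argv)
    if args.non_interactive:
        if args.keystore_password is None:
            # Assumption: with no terminal to prompt on, the flag is mandatory.
            raise PasswordFlagError("--non_interactive requires --keystore_password")
        return args.keystore_password
    if args.keystore_password is not None:
        # The value has already reached the shell history; refusing here
        # stops the flag from being used this way again.
        raise PasswordFlagError(
            "--keystore_password is only accepted with --non_interactive; "
            "omit it and enter the password at the prompt"
        )
    # getpass reads from the terminal without echo, so nothing lands in history.
    first = prompt("Keystore password: ")
    if first != prompt("Repeat keystore password: "):
        raise PasswordFlagError("passwords do not match")
    return first


if __name__ == "__main__":
    try:
        resolve_keystore_password(sys.argv[1:])
        print("keystore password accepted")
    except PasswordFlagError as exc:
        sys.exit(f"error: {exc}")
```
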