tiup leaks password in output - Githubissues

pingcap / tiup

A component manager for TiDB

https://tiup.io

Apache License 2.0

417 stars 310 forks source link

tiup leaks password in output #2376

Closed mzhang77 closed 2 months ago

mzhang77 commented 8 months ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

What did you do?

$ tiup dumpling -o tmp -uroot -ptidb -Btest -F256Mib
Checking updates for component dumpling... Timedout (after 2s)
Starting component dumpling: /home/ec2-user/.tiup/components/dumpling/v7.6.0/dumpling -o tmp -uroot -ptidb -Btest -F256Mib
Release version: v7.6.0

What did you expect to see? Password should not appear in command output. Because in a production system, this output often goes to a log file. And the log file may be viewed by people who are not supposed to know database password.
What did you see instead? -ptidb
What version of TiUP are you using (tiup --version)? $ tiup --version 1.14.0 v1.14.0-nightly-24 Go Version: go1.21.6 Git Ref: master GitHash: 38b6c96c2d27f16bbc7fd95644235010d319f6cc

xhebox commented 2 months ago

Closed by #2436