pombreda / gcalcli

Automatically exported from code.google.com/p/gcalcli

Password not robust #54

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Use a strange password with characters like "}%:, etc.
2. Logins won't work.

What is the expected output? What do you see instead?

Can't use these passwords - won't log in.

What version of the product are you using? On what operating system?

OSX 10.6.4

Please provide any additional information below.

You guys should really use different methods that don't involve plaintext 
passwords in configuration files.  (Horrible, really.)  MagicCookie or AuthSub 
would be better.  Heck, even using getpass.getpass('Password please?') would be 
better, at least that way my password wouldn't be in plaintext in the terminal.  
C'mon.

Original issue reported on code.google.com by joelfred...@gmail.com on 11 Aug 2010 at 9:06

GoogleCodeExporter commented 9 years ago
First... fixed the password issue.  gcalcli now uses the RawConfigParser to 
parse the config file so interpolation is no longer performed inside it.

Second... Are you a troll?  In the future please take note of how you're 
contributing to a project.  If you have a better way (and yes I know there are 
better) you should invest *yourself* into providing and implementing a solution 
so all can benefit.

Third... I'm pretty sure you're not a command line guy since you could use 
those types of passwords if you knew how to escape characters. 
http://tinyurl.com/3gp5bub

Original comment by eda...@insanum.com on 27 Jul 2011 at 4:51

GoogleCodeExporter commented 9 years ago

Original comment by eda...@insanum.com on 27 Jul 2011 at 4:59

GoogleCodeExporter commented 9 years ago
This was so long ago I don't even remember submitting it.  I think I abandoned 
gcalcli?  I don't remember.  It does seem pretty harsh of me.  But on the other 
hand, I think I was in the middle of coding my own gcal stuff.  I had just read 
and gone through implementing passwords securely, and it seemed like the most 
important part of a project.  But it was left undone.  So I wasn't trolling, it 
was probably just late and I was frustrated and tired.

And it's still not obvious to me that a password should be escaped?  It seems 
pretty counterintuitive?  I rarely ever enter passwords on the command line, 
but you definitely don't escape your pw when using sudo, right?

Original comment by joelfred...@gmail.com on 27 Jul 2011 at 5:08

GoogleCodeExporter commented 9 years ago
Ok cool.  Escaping magic characters depends on the environment.  If you
enter it on the command line via the --pw argument then yeah, must be
escaped.  In the gcalcli config file it's a bit different since that file is
parsed by python using the ConfigParser module.  This module would
interpolate so one variable could reference another and so on.  Not
intuitive no.  This has been fixed and interpolation is turned off.

Nonetheless I will be adding better password management soon.  Note that
gcalcli now has the ability to prompt for a password.  Crude and pointless
for those who want to automate running gcalcli in a script.  In any case, as
a workaround always make sure read/write permissions are always for the user
only for your gcalcli config file.

Thanks!  :-)

- e

Original comment by eda...@insanum.com on 27 Jul 2011 at 5:21
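
The config-file failure and the two mitigations discussed in this thread (parsing without interpolation, and owner-only file permissions), as an added example that is not gcalcli's code. It uses Python 3's `configparser` in place of the Python 2 `ConfigParser` module the thread refers to; the `[gcalcli]` section, the `pw` option name, the file name and the sample password are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample config; section/option names and the password are
# illustrative assumptions, not gcalcli's actual config layout.
SAMPLE = '[gcalcli]\nuser = someone@example.com\npw = a}%:b"c\n'

def read_password(path, raw):
    """Return the pw option, parsed with or without interpolation."""
    cls = configparser.RawConfigParser if raw else configparser.ConfigParser
    parser = cls()
    parser.read(path)
    return parser.get("gcalcli", "pw")

def is_owner_only(path):
    """True when group and other have no permission bits on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "gcalclirc")  # hypothetical file name
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, 0o644)                # world-readable: should be flagged
        results["loose"] = is_owner_only(path)
        os.chmod(path, 0o600)                # read/write for the user only
        results["tight"] = is_owner_only(path)
        try:
            # The interpolating parser treats '%' as the start of a reference.
            read_password(path, raw=False)
            results["interpolating"] = "ok"
        except configparser.InterpolationSyntaxError:
            results["interpolating"] = "error"
        # The raw parser returns the password bytes-for-bytes as written.
        results["raw"] = read_password(path, raw=True)
    return results

if __name__ == "__main__":
    print(demo())
```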