Ticket #268 (closed defect: fixed)

Opened 8 months ago

Last modified 7 months ago

cabal upload asks for a password in plain text

Reported by: guest
Assigned to:
Priority: normal
Milestone:
Component: Cabal library
Version: HEAD
Severity: normal
Keywords:
Cc:
Difficulty: very easy (<1 hour)
GHC Version: 6.8.2
Platform:

Description

Cabal upload asks for your password in plain text. That one is security related - you are asking for someone's password, and giving the appearance that you aren't overly fussed about keeping it secret.

I'm happy to add that if anyone can figure out the code to do it. It's presumably different on ANSI terminals and the Windows command console.

getChar in a loop? You can always do:

    c <- getChar
    putChar '*'

If you so feel like it. You can even use putStr "\b \b" to move back one character, even on Windows.

Change History

04/18/08 03:59:30 changed by duncan

  • difficulty changed from normal to very easy (<1 hour).

05/01/08 14:50:00 changed by duncan

  • status changed from new to closed.
  • resolution set to fixed.

Done.

Thu May  1 22:44:56 BST 2008  Duncan Coutts <duncan@haskell.org>
  * Don't echo when prompting for the hackage upload password.
  Fixes ticket #268. And use newtypes for the username and password,
  just to be more sure we're not mixing them up with other strings.

So it doesn't echo '*'s; instead it just turns off terminal echoing, which hopefully is more portable. We still use getLine rather than getChar, so that uses the OS/terminal's line editing facilities, which means you can still use backspace etc.
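
A sketch of the approach described in the closing comment, added here as an example and not taken from the Cabal patch: echo is switched off around a getLine call and restored even if the read is interrupted, and the credentials are wrapped in newtypes. The prompt strings and the names promptUsername, promptPassword and describeLogin are assumptions made for illustration.

```haskell
module Main (main) where

import Control.Exception (bracket_)
import System.IO (hFlush, hGetEcho, hSetEcho, stdin, stdout)

-- Distinct types so a password cannot be passed where a username
-- (or any other String) is expected. Password deliberately has no
-- Show instance, so it cannot be printed or logged by accident.
newtype Username = Username String
newtype Password = Password String

promptUsername :: IO Username
promptUsername = do
  putStr "Hackage username: "
  hFlush stdout
  fmap Username getLine

-- Read a line with terminal echo disabled. getLine is kept (rather
-- than a getChar loop) so the terminal's own line editing, such as
-- backspace, still works. bracket_ restores the previous echo state
-- even when the read is aborted, e.g. by Ctrl-C or end of input.
promptPassword :: IO Password
promptPassword = do
  putStr "Hackage password: "
  hFlush stdout
  wasEchoing <- hGetEcho stdin
  pw <- bracket_ (hSetEcho stdin False)
                 (hSetEcho stdin wasEchoing)
                 getLine
  putStrLn ""  -- the user's Enter was not echoed, so end the line here
  return (Password pw)

-- Hypothetical consumer: the type signature makes swapping the two
-- arguments a compile-time error. Only the username is ever shown.
describeLogin :: Username -> Password -> String
describeLogin (Username u) (Password _) =
  "Uploading as " ++ u ++ " (password not shown)"

main :: IO ()
main = do
  user <- promptUsername
  pass <- promptPassword
  putStrLn (describeLogin user pass)
```

When stdin is not a terminal (for example, input piped from a file), hGetEcho returns False and hSetEcho does nothing, so the same code works in scripted use.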