From 2af732f364e4734a5a5fd432c77a374e84e5d76c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 14 Mar 2019 11:49:35 +0100 Subject: curl.1: --user and --proxy-user are hidden from ps output Suggested-by: Eric Curtin Improved-by: Dan Fandrich Ref: #3680 Closes #3683 --- docs/cmdline-opts/proxy-user.d | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/cmdline-opts/proxy-user.d') diff --git a/docs/cmdline-opts/proxy-user.d b/docs/cmdline-opts/proxy-user.d index b1f6f6e03..152466daa 100644 --- a/docs/cmdline-opts/proxy-user.d +++ b/docs/cmdline-opts/proxy-user.d @@ -9,4 +9,10 @@ If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM authentication then you can tell curl to select the user name and password from your environment by specifying a single colon with this option: "-U :". +On systems where it works, curl will hide the given option argument from +process listings. This is not enough to protect credentials from possibly +getting seen by other users on the same system as they will still be visible +for a brief moment before cleared. Such sensitive data should be retrieved +from a file instead or similar and never used in clear text in a command line. + If this option is used several times, the last one will be used. -- cgit v1.2.3