Bug 57130 - Allow digest.sh to accept password from a file or from stdin
Summary: Allow digest.sh to accept password from a file or from stdin
Alias: None
Product: Tomcat 8
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 8.0.14
Hardware: PC All
: P2 enhancement (vote)
Target Milestone: ----
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2014-10-22 13:03 UTC by Konstantin Kolinko
Modified: 2024-03-22 13:40 UTC (History)
1 user (show)

Patch proposal (6.67 KB, patch)
2016-02-19 15:45 UTC, Coty Sutherland
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Konstantin Kolinko 2014-10-22 13:03:07 UTC
This is inspired by discussions about adding --password-file option to subversion command line tool at dev <at> subversion.a.o mailing list.
Links to threads:
"The --password and clumsy users issue"
"[PATCH]: Add --password-file and --password-envvar"

The digest.sh utility in Tomcat accepts passwords as arguments on the command line and prints hashed representation for them to System.out.

Proposal is to
1) Provide an option to specify a file name to read passwords from
2) If file name is "-" then treat it as System.in
3) Add support for option "--" to specify the end of list of options

Implementation goes into RealmBase.java, documentation goes into realm-howto.xml.
r1633589 can be used for a reference.
Comment 1 Christopher Schultz 2014-10-22 14:02:50 UTC
This would be a good bug for someone who would like to get their name in the changelog. Any takers?

(Is there an "easy bug" flag that we can set to make finding them easier in BZ?)
Comment 2 Coty Sutherland 2016-02-19 15:45:51 UTC
Created attachment 33572 [details]
Patch proposal

I think that I added the requirements correctly :) I had a little trouble understanding exactly what option 3 (the -- addition) was asking, so I did what other CLI tools do. Additionally, I made the password-file option ignore other password input, which can easily be reversed if that behavior was undesired. The documentation may need some touching up to incorporate the file option also (I added the option in the realm-howto explanation, but didn't amend the example use-case).

Lastly, I put in some comments to help understand my intention in case they were incorrect. Those can be cleaned up if the logic is agreed upon.
Comment 3 Christopher Schultz 2016-02-20 13:10:25 UTC
I took a quick look at your proposed patch. Is there a reason why you implemented a file-based system instead of stdin-to-stdout? This enhancement request is for stdin-to-stdout.

The quality of the patch seems good to me (thanks!), I was just wondering about the use-case. stdin-to-stdout could easily be scripted to process a file a line-at-a-time.
Comment 4 Coty Sutherland 2016-03-07 16:57:30 UTC
Hmm, lack of experience in the area I suppose...I thought I did a pretty literal implementation of the requirements from the description (specifically the first point). I could rewrite it if you would like me to if you can elaborate on where my misunderstanding was.
Comment 5 Christopher Schultz 2016-03-08 14:18:07 UTC
Fair enough. I'll have another look.
Comment 6 Coty Sutherland 2016-05-20 14:14:30 UTC
Bump; It's been a while since this RFE has gotten any attention. Have you had a chance to take a look and provide further feedback?
Comment 7 Christopher Schultz 2024-03-11 14:05:08 UTC
Coty: any reason to stop processing additional command-line arguments when reading passwords from a file?
Comment 8 Christopher Schultz 2024-03-11 14:46:48 UTC
Fixed in 8932164afc55b4851ba8cd1680a6e56e6db28cea in main.
Back-ported to other branches as well.
Comment 9 Coty Sutherland 2024-03-22 13:40:38 UTC
Totally missed this, but no I don't think so :)