
Password option should not be displayed on command line usage

Open JonnyTech opened this issue 2 years ago • 1 comments

When running the program without any arguments, it displays the following text:

$ /opt/hide.me/hide.me

Usage:
  /opt/hide.me/hide.me [options...] <command> [host]

command:
  token - request an Access-Token (required for connect)
  connect - connect to a vpn server
  conf - generate a configuration file to be used with the -c option

host:
  fqdn, short name or an IP address of a hide.me server
  Required when the configuration file does not contain it

options:
  -4	Use IPv4 tunneling only
  -6	Use IPv6 tunneling only
  -P password
    	hide.me password
  -R priority
    	RPDB rule priority (default 10)
  -b filename
    	resolv.conf backup filename (default "/etc/resolv.conf.backup.hide.me")
  -c filename
    	Configuration filename
  -ca string
    	CA certificate bundle (default "CA.pem")
  -d DNS servers
    	comma separated list of DNS servers used for client requests (default "209.250.251.37:53,217.182.206.81:53")
  -dpd duration
    	DPD timeout (default 1m0s)
  -i interface
    	network interface name (default "vpn")
  -k	enable/disable leak protection a.k.a. kill-switch (default true)
  -l port
    	listen port
  -m mark
    	firewall mark for wireguard and hide.me client originated traffic
  -p port
    	remote port (default 432)
  -r table
    	routing table to use (default 55555)
  -s networks
    	comma separated list of networks (CIDRs) for which to bypass the VPN
  -t string
    	access token filename (default "accessToken.txt")
  -u username
    	hide.me username

But password is not available as a command line option

options:
  -P password
    	hide.me password

The only reference that I can find is https://github.com/eventure/hide.client.linux/blob/005c2540ffc27ee9e7b18734d00104f6656a2427/hide.me.go#L31

But I am not well versed enough in Go to be able to omit that from the command-line usage - maybe removing the backticks is sufficient but I cannot find documentation supporting it.

Anyway, this command-line usage display confused me so it should be removed in case it does so to others.

JonnyTech, Mar 05 '23 19:03

It's actually very bad practice to read a password from the command line. It should either come from an interactive prompt or be read from env.

leberknecht, Sep 14 '23 13:09
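
The two points raised in this thread, as an added example that is not code from the hide.client.linux project: a Go `flag.FlagSet` whose usage text skips `-P` while the flag still parses, and a password lookup that prefers an environment variable over the command line, where the value would be visible in the process list. The `hidden` map, `usageText`, `resolvePassword` and the `HIDE_ME_PASSWORD` variable name are assumptions made for illustration.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"os"
	"strings"
)

var hidden = map[string]bool{"P": true} // parsed, but left out of the usage text

// newFlagSet registers three of the flags shown in the usage output above.
func newFlagSet(out io.Writer) (*flag.FlagSet, *string) {
	fs := flag.NewFlagSet("hide.me", flag.ExitOnError)
	fs.String("u", "", "hide.me `username`")
	fs.Int("p", 432, "remote `port`")
	pass := fs.String("P", "", "hide.me `password`")
	fs.Usage = func() { fmt.Fprint(out, usageText(fs)) }
	return fs, pass
}

// usageText lists flags like flag.PrintDefaults (defaults omitted), minus hidden ones.
func usageText(fs *flag.FlagSet) string {
	var b strings.Builder
	b.WriteString("options:\n")
	fs.VisitAll(func(f *flag.Flag) {
		if !hidden[f.Name] {
			name, usage := flag.UnquoteUsage(f) // extracts the backquoted argument name
			fmt.Fprintf(&b, "  -%s %s\n    \t%s\n", f.Name, name, usage)
		}
	})
	return b.String()
}

// resolvePassword prefers the HIDE_ME_PASSWORD variable (hypothetical name) over -P.
func resolvePassword(flagValue string, getenv func(string) string) string {
	if v := getenv("HIDE_ME_PASSWORD"); v != "" {
		return v
	}
	return flagValue
}

func main() {
	fs, pass := newFlagSet(os.Stdout)
	fs.Parse(os.Args[1:]) // ExitOnError: a bad flag prints the usage text and exits
	fs.Usage()
	fmt.Println("password supplied:", resolvePassword(*pass, os.Getenv) != "")
}
```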