<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">Everyone, It occurs to me that I should mention the following regarding this patch - it has been written such that it trims all leading and trailing white space from the password when read in from a file (a somewhat controversial subject). As I see it, we have four options: <ol> <li>we could just go with a policy of always trimming white space from the password (as reflected by this patch), </li> <li>we could easily change the code to not trim white space from passwords, or</li> <li>we could add an optional boolean flag (e. g. - "--pristine" or "--pristine-password") that, when specified, causes white space on passwords to not be trimmed (default is to trim white space), or</li> <li>we could add an optional boolean flag (e. g. - "--trim" or "--trim-password") that, when specified, causes white space on passwords to be trimmed (default is not to trim white space). </li> </ol> If this is changed, both the code and the man page Caveat needs to be updated to reflect this decision (leading/trailing whitespace will continue to always be trimmed from any specified 'token'). I know that there are several schools of thought on this, so I would like to obtain a consensus opinion on this (if there is too much disagreement, I will implement option (3) above and be done with it). Thanks, -- Matt On 08/07/14 21:20, Matthew Harmsen wrote: </div> <blockquote cite="mid:53E4500D.7030505@redhat.com" type="cite"> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> <tt>Please review the attached patch (revised) which implements alternative CLI password methods to address the following PKI TRAC ticket:</tt><tt> </tt><tt> </tt><tt> </tt> <ul> <li><tt><a moz-do-not-send="true" href="https://fedorahosted.org/pki/ticket/555">PKI TRAC Ticket #555 - Other ways to specify CLI password</a></tt></li> </ul> <tt>This revised patch attempts to address most of the comments to the previous patch including:</tt><tt> </tt><tt> </tt> <ul> <li><tt>made numerous man page changes</tt></li> <li><tt>camelCased method names </tt></li> <li><tt>changed the password routine to utilize the '=' delimiter rather than the ':' delimiter (more appropriate for Java)</tt><tt> </tt> </li> <li><tt>consolidated the two password file routines into a single routine which supports 'token=password' format (as well as documenting and providing man page examples for how to utilize this style of file with a simple password)</tt></li> <li><tt>removed all warning messages from the password routine </tt></li> <li><tt>utilized suggestions to improve the password routine including replacing the use of the StringUtils.split() method with the String.split() method using a regex </tt></li> <li><tt>rewrote password routine to handle passwords that contained the delimiter as a part of the password</tt><tt> </tt> </li> <li><tt>ditched 'DRM' </tt></li> <li><tt>removed consolidated error messages and exited immediately </tt></li> <li><tt>removed the '-y' option </tt></li> <li><tt>moved password prompting under the control of the pki CLI program for both basic and client authentication </tt></li> <li><tt>removed previous changes to URI/URL </tt></li> <li><tt>removed previous changes to subsystem type</tt></li> <li><tt>added mutual exclusive test for "-n" (client authentication) vs. "-u" (basic authentication) options</tt></li> <li><tt>added mutual dependency tests as needed</tt></li> </ul> <fieldset class="mimeAttachmentHeader"></fieldset> <pre wrap="">_______________________________________________ Pki-devel mailing list <a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre> </blockquote> </body> </html>