The command line can be read by any user on the host (with `ps auxww` for exampl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		akvadrako 71 days ago \| parent \| context \| favorite \| on: Environment variables are a legacy mess: Let's div... The command line can be read by any user on the host (with `ps auxww` for example) while the environment cannot. You should never pass secrets on the command line.

bjourne 71 days ago [–]

Environment variables are not more secure than command line parameters! It's such a common misconception that because environment variables are "not seen" they can serve as a secure channel. They emphatically cannot.

akvadrako 71 days ago | [–]

Secrets being hidden ("not seen") is really their main quality...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact