[Qt] Don't add arguments of sensitive command to console window #10093

pull jonasschnelli wants to merge 1 commits into bitcoin:master from jonasschnelli:2017/03/qt_console changing 1 files +1 −1
  1. jonasschnelli commented at 8:25 AM on March 27, 2017: contributor

    At the moment, we hide sensitive command arguments from the console history but not from the console window. This tiny change will also hide the arguments from the console window.

    Especially for "importmulti", this may be a little bit annoying because if one executes a command with invalid arguments, you need to start typing in everything again.

    Ideally we would only filter the command if sensitive arguments have been used (complicated to implement).

    List of sensitive commands:

    ```cpp
    const QStringList historyFilter = QStringList()
        << "importprivkey"
        << "importmulti"
        << "signmessagewithprivkey"
        << "signrawtransaction"
        << "walletpassphrase"
        << "walletpassphrasechange"
        << "encryptwallet";
    ```
    
  2. jonasschnelli added the label GUI on Mar 27, 2017
  3. [Qt] Don't add arguments of sensitive command to console window 7278537730
  4. jonasschnelli force-pushed on Mar 27, 2017
  5. luke-jr commented at 8:33 AM on March 27, 2017: member

    Why?

  6. jonasschnelli commented at 8:45 AM on March 27, 2017: contributor

    > Why?

    Even if we don't persist the console window's content, one may not want to expose private keys (and the wallet passphrase) on the screen. IMO "shell"-like interpreters should never reveal passwords "on screen" after they have been typed in.

  7. fanquake commented at 11:22 AM on April 2, 2017: member

    Quickly tested. Used the same command with both importprivkey("some_key"). Using master (12af74b289f8cdc6caf850dc6c802f9936b1e8b3) command params are displayed on screen. With this PR (7278537), they are not.

    Master: [screenshot: master]

    This PR: [screenshot: 10093]

  8. laanwj commented at 8:09 AM on April 11, 2017: member

    > Even if we don't persist the console window's content, one may not want to expose private keys (and the wallet passphrase) on the screen. IMO "shell"-like interpreters should never reveal passwords "on screen" after they have been typed in.

    Agree, it is somewhat useful to prevent shoulder-surfing.

    Concept ACK.

  9. ryanofsky commented at 5:48 PM on May 1, 2017: member

    ACK 72785377306764ab999e4bab13b821e4e5ea11eb.

    Code change is trivial. Tested and confirmed it removes arguments onscreen in addition to ones in history (which were already removed before).

  10. sipa commented at 11:02 PM on May 1, 2017: member

    Lightly-tested ACK.

  11. jonasschnelli merged this on May 2, 2017
  12. jonasschnelli closed this on May 2, 2017

  13. jonasschnelli referenced this in commit a3e756b7d6 on May 2, 2017
  14. PastaPastaPasta referenced this in commit a867c54a4f on Jun 10, 2019
  15. PastaPastaPasta referenced this in commit 180dccf8c1 on Jun 10, 2019
  16. PastaPastaPasta referenced this in commit 4fe822d9fc on Jun 10, 2019
  17. PastaPastaPasta referenced this in commit 6c720bae73 on Jun 10, 2019
  18. PastaPastaPasta referenced this in commit 9536b0ff5c on Jun 10, 2019
  19. PastaPastaPasta referenced this in commit 634e610f33 on Jun 11, 2019
  20. PastaPastaPasta referenced this in commit e4555a7c82 on Jun 11, 2019
  21. PastaPastaPasta referenced this in commit a968069651 on Jun 12, 2019
  22. PastaPastaPasta referenced this in commit 2609606e7c on Jun 14, 2019
  23. PastaPastaPasta referenced this in commit 480914ffca on Jun 14, 2019
  24. PastaPastaPasta referenced this in commit 471031272b on Jun 14, 2019
  25. PastaPastaPasta referenced this in commit ed71579cce on Jun 14, 2019
  26. PastaPastaPasta referenced this in commit 78a2c68ede on Jun 15, 2019
  27. PastaPastaPasta referenced this in commit 29909eed8c on Jun 19, 2019
  28. barrystyle referenced this in commit 37b7df9bb0 on Jan 22, 2020
  29. MarcoFalke locked this on Sep 8, 2021
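
The behaviour discussed in this thread, as an added example that is not code from this pull request or from Bitcoin Core: the hypothetical `redactForDisplay` helper replaces the arguments of a listed command with `(...)` before the line is echoed to the console window or stored in history. It assumes the command name is the first token of the line (nested calls are not inspected) and uses plain `std::string` instead of Qt types.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Command names copied from the historyFilter list quoted in the PR description.
static const char* const kSensitive[] = {
    "importprivkey", "importmulti", "signmessagewithprivkey",
    "signrawtransaction", "walletpassphrase", "walletpassphrasechange",
    "encryptwallet"};

static bool isSpace(char c) { return std::isspace(static_cast<unsigned char>(c)) != 0; }

// Hypothetical helper: returns the text that is safe to show or store.
std::string redactForDisplay(const std::string& line)
{
    // Skip leading whitespace so "  walletpassphrase x" is still recognised.
    std::size_t begin = 0;
    while (begin < line.size() && isSpace(line[begin])) ++begin;

    // The name ends at whitespace or '(' so both "cmd arg" and cmd("arg") match.
    std::size_t end = begin;
    while (end < line.size() && line[end] != '(' && !isSpace(line[end])) ++end;
    const std::string name = line.substr(begin, end - begin);

    // Exact comparison: a prefix test would confuse walletpassphrase
    // with walletpassphrasechange or with unrelated longer names.
    bool sensitive = false;
    for (const char* s : kSensitive) {
        if (name == s) { sensitive = true; break; }
    }
    if (!sensitive) return line;

    // Anything after the name other than whitespace counts as an argument.
    for (std::size_t i = end; i < line.size(); ++i) {
        if (!isSpace(line[i])) return name + "(...)";
    }
    return name;  // no arguments typed, nothing to hide
}

int main()
{
    // Constructed sample input; the key and passphrase are placeholders.
    for (const char* cmd : {"importprivkey(\"some_key\")",
                            "walletpassphrase hunter2 60", "getblockcount"}) {
        std::cout << redactForDisplay(cmd) << '\n';
    }
}
```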

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.