Monthly Archive 2016-03-31

By Mogens

Sometimes, it’s the little things…

Lately, I’ve been messing around with making small CLI apps quite a bit. I use them to perform various backend tasks on a couple of cloud-hosted APIs, which has turned out to be a really nice way of automating backend tasks while not needing to build any kind of graphical UI for them.

The other day I wanted to be able to manage user accounts from the command line as well, which required me to input a password to the CLI app somehow – but how to do that without passing the password on the command line?

If I had to do it like this, I would make the password part of that particular console window’s history:

C:\> whatever createuser -user [email protected] -password nooneMustSeeThis!!

which would pose a general security risk. An obvious way to fix that is to have the CLI app prompt the user for the password, allowing me to enter the password at runtime:

C:\> whatever createuser -user [email protected]

Creating user '[email protected]'

Please enter password: nooneMustSeeThis!!

...

While this is better than accepting it directly as a parameter, it is still not totally acceptable, because the password will be perfectly visible in the console window’s buffer history.

Usually, when prompting the user for a password, we let UIs output little asterisks as a placeholder for each character – and that is of course what we should do 🙂

And that is why I made a small (the smallest one I have made to this date) NuGet package called “Shtern”, which contains one single static method: Password.ReadLine().

With Shtern, the password input scenario would look like this:

C:\> whatever createuser -user [email protected]

Creating user '[email protected]'

Please enter password: *******************

...

while of course delivering the password string to the application. And that was exactly what we needed 🙂

As usual, the code is on GitHub and the package is on NuGet.org.