#31 Hide password from process list
Currently, the password is shown to anyone who can view the process list, e.g.
joe@dev:/home/joe# ps aux | grep 7z
root 24586 0.0 0.0 52796 1000 pts/1 S 18:20 0:00 /bin/sh /usr/local/bin/7za a -t7z -sihome.tar -psecret /var/backup/2010-10-04-dev-home-backup.tar.7z
root 24590 142 2.4 231512 197048 pts/1 Rl 18:20 20:18 /usr/local/lib/p7zip/7za a -t7z -sihome.tar -psecret /var/backup/2010-10-04-dev-home-backup.tar.7z
Would be great if there was a way to hide the password.
I've tried pipes and <<, but they don't seem to work, so I'm guessing the password isn't read from stdin.
I don't know how porting works, but I'm imagining sort of wrapper to supply a file name on the command line might also work (like --password-file=~/.7zpassword or something like that).
I am seeking for this solution and finally google to here. This feature definitely help. I switched my encryption script from gpg to p7z due to the portability between linux and windows. While found that I can't manage the security issue due to lack of password file feature in p7z (while gpg has this feature).
Hope can see this feature in next version!
If your archive is launched by hand :
7za a -t7z -sihome.tar -p /var/backup/2010-10-04-dev-home-backup.tar.7z
will ask for the password.
so "ps aux" will not show your password
This will work in most cases but for example not in cronjobs that shall run in the background. In this case a password must be given and it would be useful if p7zip could read it from a file.
I tried
$ echo "password" | 7za x bla.zip
$ 7za x bla.zip <<HERE
password
HERE
Both does not work as GummiBear stated.
It makes it essentially unscriptable.