I’m a bit concerned by the useage of passwords in the command line. Most OSes, by default, show the command line parameters to all users. If duplicati has passwords defined in the executed command line, that means either the --webservice-sslcertificatepassword or the --webservice-sslcertificatepassw…

[image] hydrian: Allow the user to set environmental variable in the shell before executing duplicati executable. This will not show up in a process list. As long as it isn’t set a system-wide variable, it could be limited to the that specific shell instance. I’m not sure how easy this is with …

Does this also apply to the server executable ? The documentation only mentions for the CLI.

@kenkendk I can’t find any documentation that any of the previously mention parameters apply to the server executable. Are they just undocumented or do they not exist?

[image] hydrian: can’t find any documentation that any of the previously mention parameters apply to the server executable. Are they just undocumented or do they not exist? They do not exist. The server executable hosts a scheduler (among other things) that run backup tasks. The options are s…

My issue is with the having the PKSC12/PFX password in the clear for the TLS certifcate and for the webadmin password being in the process list for any logged in user to see for the whole runtime of the server. If the server executable could get the --parameters-file option that would resolve all o…

Okay… Looks like I’ll open an enhancement request on GitHub.

Opened enhancement: Server needs --parameters-file argument · Issue #2928 · duplicati/duplicati · GitHub

Renamed topic for better clarification

Duplicati

Server Argument Security

Support

show post in topic

Home
Categories
Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled