[PATCH] Flush password prompts for non-terminal callers
Steven Streeting
steve at stevestreeting.com
Sun Jan 16 11:07:12 UTC 2011
> By using stdin.readline() you're essentially throwing away all the efforts getpass.getpass() goes into trying not to echo the actual password (which might pose a security risk - shoulder attack? ;-).
Yeah, I may well be doing something stupid here, apologies if so - I was just trying to fix a problem I had and this seemed to work. That's kind of why I raised it as an issue on the tracker first even though I had a patch to fix it for me, I'd welcome alternative implementations that are more informed!
> It seems that getpass.getpass() flushes the output stream since Python 2.6, which version and platform have you tested this on?
I'm running Python 2.6.1 on Mac OS X, so I don't think getpass() is flushing. I had observed that depending on the amount of output I would randomly not get the full username or password prompt, and these 2 changes resolved it in all cases. It definitely was occurring in cases both where the username was already known (so only a password prompt) and where hg had to prompt for the username too.
> Since Mercruial supports Python versions earlier than 2.6, short of fixing getpass in its code base, an alternative might be to provide a wrapped sys.stdout to getpass.getpass() that will flush the output stream after a write() call has been issued, for the broken getpass. I'm not sure if it's the best option though.
I'm not a Python expert by any means so I welcome your suggestions & alternative approaches on this. I was just trying to avoid setting the entire Python process to unbuffered output - anything which ensures that the output is flushed (it's stderr in this case) before asking for user input would solve my problem.
Cheers
Steve
More information about the Mercurial-devel
mailing list