[FFmpeg-devel] [PATCH] fftools/ffmpeg_ffplay_ffprobe_cmdutils: add -mask_url to replace the protocol address in the command with the asterisk (*)

[Marvin Scholz]

On 19 Dec 2022, at 14:37, Nicolas George wrote:

> Marvin Scholz (12022-12-19):
>> IIUC this means the `-mask_url` option has to be the first option passed,
>> which seems a bit of an unfortunate requirement and is not documented at
>> all, as far as I can see. So at least this should be clearly documented
>> to prevent users being confused why the get an unrecognised option error
>> when they do not pass it as the first option.
>
> Indeed. And I see no reason to have this option processed specially like
> that; it requires at least an explanation.
>
>> I am a bit confused how this helps for the issue it tries to solve, as
>> for some amount of time, until this is done, it would expose the full
>> plaintext URL still, no?
>
> This is unavoidable. Still, having sensitive information visible for a
> fraction of a second is better than having sensitive information visible
> for the length of a playback or transcoding process.

I agree, but then the docs should probably mention that to not give a false
sense of absolute security here. And maybe note that it might
be a better option to pass the password via stdin or hide the process
from other users to completely avoid leaking the password.

>
> Regards,
>
> -- 
>   Nicolas George
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".