Skip to content

Stop leaking IB password to IBC log when passed via env vars#359

Open
pps83 wants to merge 1 commit into
IbcAlpha:masterfrom
pps83:master-hide-pass
Open

Stop leaking IB password to IBC log when passed via env vars#359
pps83 wants to merge 1 commit into
IbcAlpha:masterfrom
pps83:master-hide-pass

Conversation

@pps83

@pps83 pps83 commented May 16, 2026

Copy link
Copy Markdown
Contributor

TWSUSERID/TWSPASSWORD (or /User:/PW:) ended up in clear in every launch's System Properties dump. Config-file IbLoginId/IbPassword was unaffected.

@pps83
Stop leaking IB password to IBC log when passed via env vars
8df3a2f 
TWSUSERID/TWSPASSWORD (or /User:/PW:) ended up in clear in every launch's System Properties dump. Config-file IbLoginId/IbPassword was unaffected.
@pps83

pps83 commented Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

@rlktradewright ping. current ibc logs password in clear text in its logs if password is passed via env vars

@rlktradewright

rlktradewright commented Jun 6, 2026

Copy link
Copy Markdown
Member

@pps83

I haven't forgotten this, or the raft of other issues you raised. But at the moment I have more important things to do.

Not ideal, I know, but it's been this way for about 23 years and no one has complained about their credentials being compromised becuase of this. Partly because I suspect few users do this, especially as they are warned not to.

I want to do one final release of IBC before I abandon it which will include all this stuff and some other things I've had in the pipeline for a while now. I just need to find some time to do it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pps83 @rlktradewright