Logs in High Sierra Show Plaintext Password for APFS Encrypted External Volumes (mac4n6.com)
4 points by strmpnk on March 23, 2018 | 1 comment


The new log system does have the concept of “private” data (that can only be viewed after explicitly enabling it) but I don’t know how they determine what qualifies.

Apparently a 10.13.x update addressed this. Still, if a password is in a command line, that is basically impossible to predict if you don’t know the tool in advance, and would still leak elsewhere (e.g. another user on the system examining “ps” output).

It is better to use something like an environment variable to pass information to the subprocess without revealing it in the command.
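
The difference the comment describes between a secret in a command line and a secret in an environment variable, as an added example that is not part of the original thread. The passphrase value, the `--passphrase` flag and the `VOLUME_PASSPHRASE` variable name are constructed for illustration.

```python
import os
import subprocess
import sys

SECRET = "constructed-passphrase-123"   # constructed sample value, not a real secret
CHILD = "import sys; sys.stdin.read()"  # child just waits until its stdin is closed


def visible_command_line(pid):
    """Return the command line that a process listing shows for pid."""
    try:
        out = subprocess.run(
            ["ps", "-ww", "-o", "args=", "-p", str(pid)],
            capture_output=True, text=True, check=True,
        ).stdout.strip()
        if out:
            return out
    except (OSError, subprocess.CalledProcessError):
        pass
    # Fallback for minimal Linux systems without a usable ps binary.
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return f.read().replace(b"\0", b" ").decode().strip()


def secret_visible(argv_extra, env_extra):
    """Start a child and report whether SECRET shows up in its listed command line."""
    env = dict(os.environ, **env_extra)
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD, *argv_extra],
        stdin=subprocess.PIPE, env=env,
    )
    try:
        return SECRET in visible_command_line(child.pid)
    finally:
        child.stdin.close()   # lets the child exit
        child.wait()


def demo():
    return {
        "argv": secret_visible(["--passphrase", SECRET], {}),
        "env": secret_visible([], {"VOLUME_PASSPHRASE": SECRET}),
    }


if __name__ == "__main__":
    print(demo())
```

The environment keeps the value out of the command line, but on many systems the same user and root can still read a running process's environment, so it is not hidden from them.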



