Issue:
======
 All command-line utilities that support the -password parameter are
 vulnerable to password sniffing, especially when they are run from
 scripts. Since 2.1, all Firebird utilities replace argv[PASSWORD]
 with *, but a better way to hide the password from others in the
 process list is to read it from a file or to ask for it on
 stdin.

Scope:
======
 Security issue.

Document author:
=================
 Alex Peshkov (peshkoff@mail.ru)

Document date:  2008-11-30
==============


 All utilities have a new switch
-fetch_password
 which may be abbreviated according to each utility's rules.

 The switch has a required parameter: the name of a file containing
 the password. For example:
isql -user sysdba -fet passfile server:employee
 will load the password from the file "passfile", using its first line
 as the password.
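
 A password file only helps if other local users cannot read it. The
 following is an added example, not part of the Firebird distribution:
 the helper names are hypothetical, and placing -fetch_password directly
 after the utility name is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of Firebird.

# Write the first line of stdin to a new file that only the owner can access.
make_passfile() {
    (
        umask 077            # new file gets no group/other bits
        rm -f -- "$1"        # do not inherit the mode of an older file
        head -n 1 > "$1"     # the utilities use the first line only
    )
}

# Succeed only if $1 is a regular file (not a symlink), owned by the
# caller, with no group/other permission bits set.
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run a utility with -fetch_password, refusing a loosely protected file.
# Usage: fb_with_passfile passfile isql -user sysdba server:employee
fb_with_passfile() {
    pf=$1
    shift
    util=$1
    shift
    if ! passfile_is_private "$pf"; then
        echo "refusing to use $pf: not a private regular file" >&2
        return 1
    fi
    # Assumption: the switch is accepted right after the utility name.
    "$util" -fetch_password "$pf" "$@"
}
```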

 One can specify "stdin" as the file name to have the password read
 from stdin. If stdin is a terminal, the prompt:
Enter password:
 will be printed.

 For POSIX users: if you specify '-fetch /dev/tty' you will also
 be prompted. This may be useful if you need to restore from stdin:
bunzip2 -c emp.fbk.bz2 | gbak -c stdin /db/new.fdb -user sysdba -fetch /dev/tty
