RequestHunt is a community-driven platform that collects and curates feature requests from X (Twitter), Reddit, and GitHub. We help product teams discover what features real users are asking for, making it easier to validate product ideas and prioritize feature development based on actual user demand.

How does RequestHunt collect feature requests?

RequestHunt uses AI-powered extraction to automatically collect feature requests from social media platforms including X, Reddit, and GitHub. The platform monitors discussions, issues, and posts to identify genuine user feature requests, extracting key information like the requested feature, product mentioned, and user sentiment.

Who uses RequestHunt?

RequestHunt is used by product managers, founders, developers, and product teams who want to discover what features real users are requesting. It's particularly valuable for startups looking to validate ideas, established companies prioritizing their roadmap, and developers building products that solve real user problems.

Is RequestHunt free to use?

Yes, browsing and searching feature requests on RequestHunt is completely free. We also offer API access for developers who want to integrate feature request data into their own applications. Check our pricing page for API plan details.

How often is RequestHunt data updated?

RequestHunt continuously collects feature requests from Reddit, X (Twitter), GitHub, YouTube, LinkedIn, and Amazon. You can also trigger on-demand scraping via the API or web interface to get the freshest data for any topic.

RequestHunt

Loading request...

[bash] Stop passing secrets as command-line arguments | RequestHunt

357

[bash] Stop passing secrets as command-line arguments

| | , ,

by @u/Ops_Mechanic | 3/14/2026 | submitted by AutoCollector

[view original source]

Request to implement a feature that prevents passing sensitive information like passwords as command-line arguments, suggesting alternatives like reading from stdin instead.

Original Source

@u/Ops_Mechanic | 357 pts | 3/14/2026

When you do this: mysql -u admin -pMyS3cretPass123 Every user on the system sees your password in plain text: ps aux | grep mysql This isn't a bug. Unix exposes every process's full command line through `/proc/PID/cmdline`, readable by any unprivileged user. **IT'S NOT A BRIEF FLASH EITHER -- THE PASSWORD SITS THERE FOR THE ENTIRE LIFETIME OF THE PROCESS.** Any user on your box can run this and harvest credentials in real time: while true; do cat /proc/*/cmdline 2>/dev/null | tr '\0' ' ' | grep -i 'password\|secret\|token' sleep 0.1 done That checks every running process 10 times per second. Zero privileges needed. Same problem with curl: curl -u admin:password123 https://api.example.com And docker: docker run -e DB_PASSWORD=secret myapp The fix is to pass secrets through stdin, which never hits the process table: # mysql -- prompt instead of argv mysql -u admin -p # curl -- header from stdin curl -H @- https://api.example.com <<< "Authorization: Bearer $TOKEN" # curl -- creds from a file curl --netrc-file /path/to/netrc https://api.example.com # docker -- env from file, not command line docker run --env-file .env myapp # general pattern -- pipe secrets, don't pass them some_command --password-stdin <<< "$SECRET" The `-p` with no argument tells mysql to read the password from the terminal instead of argv. The `<<<` here string and `@-` pass data through stdin. Neither shows up in `ps` or `/proc`. Bash and any POSIX shell. This isn't shell-specific -- it's how Unix works.

Discussion

Loading comments...