We need to ensure that we document best practices for dealing with the password file used with the asadmin --passwordfile option. We need to mention:
1) Make sure the passwordfile is readable only by the owner
2) Remove the passwordfile once they are done using it with the asadmin command
For 3.1.2 please add this to the Security Guide (or Admin Guide if that is more appropriate).
We should also add this to the asadmin man page (too late to do this for 3.1.2).