Re: [PATCH] http authentication via prompts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Disclaimer: if you are offended by constructive criticism, or likely to 
answer with insults to the comments I offer, please stop reading this mail 
now (and please do not answer my mail, either). :-)

Still with me?  Good.  Nice to meet you.

Just for the record: responding to a patch is my strongest way of saying 
that I appreciate your work.

On Wed, 4 Mar 2009, Mike Gaffney wrote:

> Currently git over http only works with a .netrc file which required 
> that you store your password on the file system in plaintext. This 
> commit adds to configuration options for http for a username and an 
> optional password. If a http.username is set, then the .netrc file is 
> ignored and the username is used instead. If a http.password is set, 
> then that is used as well, otherwise the user is prompted for their 
> password.

>From the subject, I would have expected a way to type in the password 
instead of storing it.  (Think getpass()... which would pose problems 
with Windows support, of course.)

FWIW by having it in .git/config (which is most likely more world-readable 
than $HOME/.netrc ever will be) does not provide any security over .netrc.

And I doubt that http.username is a good choice: what if you have multiple 
http:// URLs with different usernames/passwords?  So would it not make 
more sense to make this remote.<name>.user and ...password?

Ciao,
Dscho
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux