Question (again, if this has been beaten to death already, could someone summarize briefly or point me towards the archived discussion?):

I see that the -u flag takes a username and password, and that it's possible to stick those values into a separate file or specified via std-in or interactively so the value can be hidden from casual view. But I'm wondering if a couple more 'privacy' options could be considered and/or thrown into the documentation:

1) I found it possible to specify a proxy-authorization (or just plain authorization) header via -H, which seems to work well. This method makes it easier to show someone else what you're working on without them being able to SEE your password - obviously it's not difficult to copy down the base64 version and decode it, but this requires more effort and a little bit of specialized knowledge, so at least your password is much less obvious.

2) When cURL has to interactively prompt for a password, would it be possible to disable echoing back what I type, or even just echo back '*'s? I realize the cross-platform nature probably makes this a little more difficult, but I'm just wondering if that's been considered, and if so whether it would be even remotely possible.

--Kevin
Received on 2000-10-25