cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Authentication format???

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 25 Oct 2000 17:56:43 +0200 (MET DST)

On Wed, 25 Oct 2000, Kevin P Roth wrote:

> Question (again, if this has been beaten to death already, could someone
> summarize briefly or point me towards the archived discussion?):

It hasn't!

> I see that the -u flag takes a username and password, and that it's
> possible to stick those values into a separate file or specified via
> std-in or interactively so the value can be hidden from casual view. But
> I'm wondering if a couple more 'privacy' options could be considered
> and/or thrown into the documentation:

Certainly! I always appriciate improvements. If you'd update one of the docs
files and send me a regular diff -c or diff -u patch, I'd apply it instantly!

> 1) I found it possible to specify a proxy-authorization (or just plain
> authorization) header via -H, which seems to work well. This method makes
> it easier to show someone else what you're working on without them being
> able to SEE your password - obviously it's not difficult to copy down the
> base64 version and decode it, but this requires more effort and a little
> bit of specialized knowledge, so at least your password is much less
> obvious.

True, but copying the -H option is just as easy as copying a -u option. If
seen in a ps-list or similar I mean.

> 2) When cURL has to interactively prompt for a password, would it be
> possible to disable echoing back what I type, or even just echo back
> '*'s?

It does attempt to disable echoing. If it doesn't on your platform, there's
room for improvements! (I believe in complete echo disable in good old unix-
style, I don't like *-style)

> I realize the cross-platform nature probably makes this a little more
> difficult, but I'm just wondering if that's been considered, and if so
> whether it would be even remotely possible.

As you say, it is rather platform-specific. But if you start and tell us what
platform you're using and what it looks like when curl prompts you for a
password, we can take it from there! ;-)

-- 
  Daniel Stenberg -- curl project maintainer -- http://curl.haxx.se/
Received on 2000-10-25