curl-users
Re: Authentication format???
Date: Wed, 25 Oct 2000 17:56:43 +0200 (MET DST)
On Wed, 25 Oct 2000, Kevin P Roth wrote:
> Question (again, if this has been beaten to death already, could someone
> summarize briefly or point me towards the archived discussion?):
It hasn't!
> I see that the -u flag takes a username and password, and that it's
> possible to stick those values into a separate file or specified via
> std-in or interactively so the value can be hidden from casual view. But
> I'm wondering if a couple more 'privacy' options could be considered
> and/or thrown into the documentation:
Certainly! I always appriciate improvements. If you'd update one of the docs
files and send me a regular diff -c or diff -u patch, I'd apply it instantly!
> 1) I found it possible to specify a proxy-authorization (or just plain
> authorization) header via -H, which seems to work well. This method makes
> it easier to show someone else what you're working on without them being
> able to SEE your password - obviously it's not difficult to copy down the
> base64 version and decode it, but this requires more effort and a little
> bit of specialized knowledge, so at least your password is much less
> obvious.
True, but copying the -H option is just as easy as copying a -u option. If
seen in a ps-list or similar I mean.
> 2) When cURL has to interactively prompt for a password, would it be
> possible to disable echoing back what I type, or even just echo back
> '*'s?
It does attempt to disable echoing. If it doesn't on your platform, there's
room for improvements! (I believe in complete echo disable in good old unix-
style, I don't like *-style)
> I realize the cross-platform nature probably makes this a little more
> difficult, but I'm just wondering if that's been considered, and if so
> whether it would be even remotely possible.
As you say, it is rather platform-specific. But if you start and tell us what
platform you're using and what it looks like when curl prompts you for a
password, we can take it from there! ;-)
-- Daniel Stenberg -- curl project maintainer -- http://curl.haxx.se/Received on 2000-10-25