cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: [martin@godisch.de: Bug#178473: curl: local user information leak]

From: Domenico Andreoli <cavok_at_filibusta.crema.unimi.it>
Date: Tue, 28 Jan 2003 17:26:18 +0100

On Tue, Jan 28, 2003 at 04:43:44PM +0100, Daniel Stenberg wrote:
>
> Still, this must remain treated as an extra precaution and we should
> encourage people who cares about security to NOT pass sensitive information
> in command line options. It has been mentioned in the curl FAQ for years.
>
i agree and for this reason i would not even apply the patch.

BTW, in curl manpage there is a reference to a README.curl in the
description of switch -u. debian bug #17850.

cheers
cavok

-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
Received on 2003-01-28

This message: [ Message body ]
Next message: SourceForge.net: "[ curl-Bugs-676295 ] Host name is not checked against certificate"
Previous message: Daniel Stenberg: "Re: trace in curl"
In reply to: Daniel Stenberg: "Re: [martin@godisch.de: Bug#178473: curl: local user information leak]"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]