curl-users
newbie help: https and -u user:password authentication
Date: Sat, 28 Jun 2003 00:01:56 -0400
I have been charged with taking over the maintenance of someone else's
process, and I want to make sure I understand what's going on. The part
of the process involving cURL is something I have no familiarity with.
I've been reading the documentation and digging through the archives,
but my question might be a bit too basic.
So, can someone explain to me, or reassure me, that the user:password
values in the following command are encrypted when they are sent?
curl -u myname:mypass -D cookies1 https://securesite.com
curl -b cookies1 -D cookies2 https://securesite.com
curl -O -b cookies2 https://securesite.com/myfile.zip
I am particular concerned with the first line. I just want to make sure
that, regardless of the fact that the username and password are stored
as clear text in the script on the machine, they are encrypted before
being sent by curl to the target site.
I am only familiar with the web interface for the target site, but I
would think that, aside from the above method of authenticating, it
should also be possible to authenticate by posting the form values
instead. Is there a difference in the security of the above code versus
doing something like the following?
curl -D cookie1 https://securesite.com
curl -b cookie1 -d "user=myname&pass=mypass&submit=Log%20In" -D cookie2
https://securesite.com
curl -O -b cookie2 https://securesite.com/myfile.zip
Thanks in advance for any assistance!
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
Received on 2003-06-28