curl-users
user:password inside URL
Date: Tue, 30 Sep 2003 16:29:45 -0700
I was just doing some experimenting with http authentication and have some
questions.
It seems there are two choices for providing user name and password
information:
(1) embedded in the URL like http://user:password@host:port
(2) with --user
There's a big note in docs/MANUAL that (1) doesn't work when using a proxy.
I'm curious as to why since curl seems to be doing the parsing anyway and it
seems like curl could make the bytes on the wire appear the same whether (1)
or (2) was used.
In any case, (2) worked fine for me using https, -k, --ntlm, both with and
without --proxy. However, (1) didn't work for me even without --proxy, like
this:
$ curl -k "https://user:password@host/path" --trace trace2.out --ntlm
Error: Access is Denied.
$ echo $?
0
or with --fail, I get:
$ curl -k "https://user:password@host/path" --trace trace2.out --ntlm --fail
curl: (22) The requested URL returned error: 401
$ echo $?
22
$ curl -k --user "user:password" https://host/path --trace trace.out --ntlm
works fine.
I'm using
$ curl --version
curl 7.10.7 (win32) libcurl/7.10.7 OpenSSL/0.9.7a
Protocols: ftp gopher telnet dict ldap http file https ftps
Features: SSL NTLM
In both cases I get a 401 error from the server after the first GET. In the
case that works (with --user), the second GET works. I'm a bit nervous
about sending the whole trace to folks as it contains some sensitive
information. I will say in case it's important that the password does
contain some "wacky" characters like < (a less than). If there's some part
of the trace that's useful, I may be convinced to send along bits of it.
So, two questions:
- Should MANUAL say something more restrictive about when embedding user and
password info in the URL works?
- Is there some way to may the embedded user and password work all the time,
even with proxies, https, -k (or not), etc.?
Thanks much, and congratulations on your new baby.
-DB
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2003-10-01