Re: curl-users Digest, Vol 141, Issue 11

From: Timothe Litt <litt_at_acm.org>
Date: Tue, 16 May 2017 10:05:56 -0400

On 16-May-17 06:00, curl-users-request_at_cool.haxx.se wrote:
> Message: 3
> Date: Tue, 16 May 2017 10:53:31 +0200
> From: Kamil Dudka <kdudka_at_redhat.com>
> To: Daniel Stenberg <daniel_at_haxx.se>
> Cc: curl-users <curl-users_at_cool.haxx.se>, Jeff Inman <jti_at_lanl.gov>
> Subject: Re: Suggestion: -H from a file... (curl:
> curl-users_at_cool.haxx.se exclusive)
> Message-ID: <2398029.pAIlxQZhpE_at_kdudka-nb>
> Content-Type: text/plain; charset="us-ascii"
>
> On Tuesday, May 16, 2017 10:38:23 Daniel Stenberg wrote:
>> On Tue, 16 May 2017, Kamil Dudka via curl-users wrote:
>>> I do not believe it would help either. As long as the curl tool gets the
>>> "secret" headers by a command-line argument, which is the only choice at
>>> the moment, it is observable from outside while curl is running.
>> It could probably be done by a script or something that pipes the secret
>> header as a -H command line option on stdout that gets read with curl's
>> --config / -K, similar to this:
>>
>> $ ./generate_secret.sh | curl -K- http://example.com/
> Indeed. I did not realize that 'curl --config' can read any command-line
> option from the standard input (or a file). Then it really has a solid
> workaround...
>
> Kamil
>
Except that there's only one standard input. It gets awkward when you
want to use it for a config file and data (for example).

There's an implementation of -H@ pending, so this is somewhat moot.

BTW, for cases where the "secret" is in the script (or ends up in a
script variable), another trick is to use a HERE document:

curl -K - <<EOF # But ps | curl -K - is problematic ...
url = "http://$server/service"
header = "DeltaBlue: The secret challenge is $$ `cat color_of_the_day${USER}`"
EOF

Of course environment variables aren't as private as one would like, but
that's a different (and somewhat less exploited) issue.

In any case, I appreciate everyone's responsiveness.

-- 
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

Received on 2017-05-16
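
Added example (not part of the original message and not curl's own code): one way around the single-stdin problem raised above is to hand the -K config to curl on a separate file descriptor, so stdin stays free for the request body and the secret never appears in curl's argv. The helper names curl_header_line and post_with_secret are hypothetical, the secret value is constructed, and /dev/fd/3 assumes a system that provides /dev/fd.

```shell
#!/bin/sh
# Added example: keep a secret header out of curl's command line while
# still using stdin for request data.

NL='
'
CR=$(printf '\r')

# Print one curl config line: header = "Name: value".
# Inside a double-quoted config value, backslash and double quote must be
# escaped. CR/LF are refused so a secret cannot inject extra config
# directives or extra HTTP headers.
curl_header_line() {
    hdr_name=$1
    hdr_value=$2
    case "$hdr_name$hdr_value" in
        *"$NL"*|*"$CR"*)
            echo "refusing header containing CR or LF" >&2
            return 1 ;;
    esac
    escaped=$(printf '%s' "$hdr_name: $hdr_value" |
        sed 's/\\/\\\\/g; s/"/\\"/g')
    printf 'header = "%s"\n' "$escaped"
}

# POST whatever arrives on stdin, with the secret header delivered to
# curl on file descriptor 3 (here document) instead of via -H on argv.
# Defined only; it is not called here because it needs network access.
post_with_secret() {
    url=$1
    line=$(curl_header_line "$2" "$3") || return 1
    curl -sS -K /dev/fd/3 --data-binary @- "$url" 3<<EOF
$line
EOF
}

# Demo with a constructed value: show the config line curl would read.
curl_header_line 'DeltaBlue' 'constructed "secret" with \ backslash'
```

Usage would look like `post_with_secret http://example.com/ DeltaBlue "$secret" < body.json`; only the URL is visible in the process list.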