On Wed, 22 Oct 2008, Josef Wolf wrote:

>> curl assumes that a user name & password specified in a URL is complete and
>> doesn't request a further password from the user in this case.
>
> IMHO, this is very impractical: often URLs are specified on command line,
> revealing the password to everyone who can run ps.

This is again back to what curl the tool does and not what libcurl asks for
or behaves, but curl allows a range of different ways to set the user and
password such as the .curlrc and .netrc files, or you can set them in any file
and pass to curl using the -K option (and that works on stdin as well).

And if none of those are fine, curl also hides -u options from the ps output
on most operating systems.

And it offers to read the password using a prompt.

I don't consider that impractical but possibly a bit overwhelming due to the
massive amount of different alternatives you can select from.

-- 
  / daniel.haxx.se