Hi,
Augusto Arcoverde da Rocha schrieb:
IMHO, the current password exposition is a ugly thing: $ export http_proxy=http://user:__%3E%3E**password**<<__@host.dom:8080
I wouldn't worry to much about a PROXY password. I mean who can access files and environment variables? Basically only you and the administrator of your system.
I think the bigger problem is that guessed 99% of all proxies, which ask for passwords, transmit them in clear. (I think there is no SSL protocol or digest protocol which is widely supported.)
(Our university's computation centre offers a password-proxy access using the username/password. I'm slightly reluctant to save that password on my laptop and I'm fully against transmitting it with every HTTP request. Thus I'm using a ssh tunnel with localhost:8080 as proxy.)
I think would be preferable hide the password typing and don't storing it in a file like system register, maintaining it in the memory only. Perhaps getting the password altrougt some interactive process which hide the password.
Well, exactly that you get if you add the following into your .bashrc:
printf 'Enter Password for the HTTP PROXY: ' stty -echo read pass stty echo echo "" http_proxy="http://$USER:$pass@hostname:port/" export http_proxy
Otherwise: Many programs automatically ask for a password if protcol://user@hostname:port/ didn't succeed. (At least Mozilla does so for the proxy.) I wouldn't be surprised if the Internet Explorer did the same. (It does for ftp://foo@bar.com/).
Tobias