From: Robin Rosenberg <robin.rosenberg@dewire.com>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: Marek Zawirski <marek.zawirski@gmail.com>, git@vger.kernel.org
Subject: Re: [JGIT PATCH 2/5] Don't display passwords on the console in fetch/push output
Date: Thu, 10 Jul 2008 20:56:43 +0200 [thread overview]
Message-ID: <200807102056.43912.robin.rosenberg@dewire.com> (raw)
In-Reply-To: <1215670403-19191-3-git-send-email-spearce@spearce.org>
torsdagen den 10 juli 2008 08.13.20 skrev Shawn O. Pearce:
> When we show the URI we just fetched or pushed against there may
> be a user password embedded in that URI, as saved in the user's
> .git/config file. We shouldn't display that in public to prying
> eyes so nulling it out will give us a copy of the URI without that
> field in it.
>
> Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
> ---
> .../src/org/spearce/jgit/pgm/Fetch.java | 2 +-
> .../src/org/spearce/jgit/pgm/Push.java | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/org.spearce.jgit/src/org/spearce/jgit/pgm/Fetch.java b/org.spearce.jgit/src/org/spearce/jgit/pgm/Fetch.java
> index c9c997e..36a0592 100644
> --- a/org.spearce.jgit/src/org/spearce/jgit/pgm/Fetch.java
> +++ b/org.spearce.jgit/src/org/spearce/jgit/pgm/Fetch.java
> @@ -71,7 +71,7 @@ class Fetch extends TextBuiltin {
> return;
>
> out.print("From ");
> - out.print(tn.getURI());
> + out.print(tn.getURI().setPass(null));
We did this a while ago. Sort of patching broken stuff instead of fixing what's broken, thus we should make URIIsh.toiString
not display the password.
-- robin
next prev parent reply other threads:[~2008-07-10 19:06 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-10 6:13 [JGIT PATCH 0/5] Yet another round of transport fixes Shawn O. Pearce
2008-07-10 6:13 ` [JGIT PATCH 1/5] Include a progress meter for large uploads to Amazon S3 Shawn O. Pearce
2008-07-10 6:13 ` [JGIT PATCH 2/5] Don't display passwords on the console in fetch/push output Shawn O. Pearce
2008-07-10 6:13 ` [JGIT PATCH 3/5] Reuse the same SSH connection when automatically fetching tags Shawn O. Pearce
2008-07-10 6:13 ` [JGIT PATCH 4/5] Report remote SSH execution errors during push via TransportException Shawn O. Pearce
2008-07-10 6:13 ` [JGIT PATCH 5/5] Explicitly capture the stderr from a failed SSH fetch or push Shawn O. Pearce
2008-07-10 18:56 ` Robin Rosenberg [this message]
2008-07-10 20:17 ` [JGIT PATCH 2/5] Don't display passwords on the console in fetch/push output Robin Rosenberg
2008-07-10 22:25 ` Johannes Schindelin
2008-07-10 22:42 ` Robin Rosenberg
2008-07-11 3:20 ` Shawn O. Pearce
2008-07-11 8:30 ` Robin Rosenberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200807102056.43912.robin.rosenberg@dewire.com \
--to=robin.rosenberg@dewire.com \
--cc=git@vger.kernel.org \
--cc=marek.zawirski@gmail.com \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).