Re: [PATCH] http authentication via prompts

[Mike Gaffney <mr.gaffo@gmail.com>]

My thought was that if you had a password you didn't care about you could put it in the config.
It does ask you for a password with getpass, It compiles under cygwin, I havent tried it under
windows. However the man page for getpass shows the source so coding up getpass directly isn't a
big deal.

Junio, I'm new to this patch game and using Thunderbird. What's the best way
to wrap the patch?

-Mike

Johannes Schindelin wrote:
> Hi,
> 
> Disclaimer: if you are offended by constructive criticism, or likely to 
> answer with insults to the comments I offer, please stop reading this mail 
> now (and please do not answer my mail, either). :-)
> 
> Still with me?  Good.  Nice to meet you.
> 
> Just for the record: responding to a patch is my strongest way of saying 
> that I appreciate your work.
> 
> On Wed, 4 Mar 2009, Mike Gaffney wrote:
> 
>> Currently git over http only works with a .netrc file which required 
>> that you store your password on the file system in plaintext. This 
>> commit adds to configuration options for http for a username and an 
>> optional password. If a http.username is set, then the .netrc file is 
>> ignored and the username is used instead. If a http.password is set, 
>> then that is used as well, otherwise the user is prompted for their 
>> password.
> 
> From the subject, I would have expected a way to type in the password 
> instead of storing it.  (Think getpass()... which would pose problems 
> with Windows support, of course.)
> 
> FWIW by having it in .git/config (which is most likely more world-readable 
> than $HOME/.netrc ever will be) does not provide any security over .netrc.
> 
> And I doubt that http.username is a good choice: what if you have multiple 
> http:// URLs with different usernames/passwords?  So would it not make 
> more sense to make this remote.<name>.user and ...password?
> 
> Ciao,
> Dscho

-- 
-Mike Gaffney (http://rdocul.us)