[prev in list] [next in list] [prev in thread] [next in thread] 

List:       darcs-users
Subject:    Re: [darcs-users] Re: get/pull with cookie?
From:       Juliusz Chroboczek <Juliusz.Chroboczek () pps ! jussieu ! fr>
Date:       2006-08-31 21:28:54
Message-ID: 7i8xl4vbl5.fsf () lanthane ! pps ! jussieu ! fr
[Download RAW message or body]

>> darcs pull http://user:pass@host.com

> This is what I have been using for my own restricted and read-only
> repositories. The only problem with this is that the username and
> password are sent in the clear plus it gets stored in at least 2
> places. So you might want to consider the following:

> - If you are using a shell with history features the command
> containing your username and password will be stored in the history
> file (.bash_history).

darcs pull "http://user:$(cat ~/.password)@host.com"

> - As Mark pointed out above, the URL of your last used repository will
> be stored in _darcs/prefs/repos since the username and password was
> part of your URL, it will be stored also.

Yes.

> HTTP Basic Authentication is not all that secure if you think about
> it. But I use it because I found out that some bots (or programs
> masquerading as bots) managed to crawl into the repository folder
> despite the fact that it is named in my robots.txt file DENY list.
> There are other ways to protect against this but HTTP Basic
> Authentication is the simplest solution.

This cannot be overstated enough.

                                        Juliusz


_______________________________________________
darcs-users mailing list
darcs-users@darcs.net
http://www.abridgegame.org/mailman/listinfo/darcs-users
[prev in list] [next in list] [prev in thread] [next in thread]