On Tue, Sep 16, Jan Kupec wrote:
look at the file provided as ?credentials=/absolute/path/credfile
- the URL has to be saved with this parameter - Q: isn't revealing of the location of the credentials file a security issue?
I don't think so. Everybody knows that passwords are stored in /etc/passwd. This does not make it less secure.
The credential file has the format:
username=... password=...
(of soemthing similar if curl supports credentials from file)
plus a URL, in case the location is not part of the URL as the 'credentials' parameter. The URL could be the INI section name: [URL].
This kind of credential file was meant to be independent from the URL, i.e even usable with multiple URLs. Not a catalog of credentials. Such a file should contain _one_ username/password pair. Nothing else. -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org