Mailinglist Archive: zypp-devel (149 mails)

[Michael Andres <ma@xxxxxxx>]

On Tue, Sep 16, Jan Kupec wrote:

>    look at the file provided as ?credentials=/absolute/path/credfile
>
>    - the URL has to be saved with this parameter
>    - Q: isn't revealing of the location of the credentials file
>      a security issue?

I don't think so. Everybody knows that passwords are stored in 
/etc/passwd. This does not make it less secure.


> > The credential file has the format:
> >
> > username=...
> > password=...
> >
> > (of soemthing similar if curl supports credentials from file)
>
> plus a URL, in case the location is not part of the URL as the 
> 'credentials' parameter. The URL could be the INI section name: [URL].

This kind of credential file was meant to be independent from the URL, 
i.e even usable with multiple URLs. Not a catalog of credentials.

Such a file should contain _one_ username/password pair. Nothing else.

-- 

cu,
    Michael Andres

+------------------------------------------------------------------+
Key fingerprint = 2DFA 5D73 18B1 E7EF A862  27AC 3FB8 9E3A 27C6 B0E4
+------------------------------------------------------------------+
Michael Andres             YaST Development            ma@xxxxxxxxxx
SUSE LINUX Products GmbH, GF:  Markus Rex,  HRB 16746 (AG Nuernberg)
Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0
+------------------------------------------------------------------+

-- 
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx