Mailinglist Archive: zypp-devel (149 mails)

< Previous Next >
Re: [zypp-devel] CredentialManager to get data for authentication
  • From: Jan Kupec <jkupec@xxxxxxx>
  • Date: Tue, 16 Sep 2008 12:22:04 +0200
  • Message-id: <48CF88CC.8040303@xxxxxxx>
Michael Andres wrote:
On Tue, Sep 16, Jan Kupec wrote:

look at the file provided as ?credentials=/absolute/path/credfile

- the URL has to be saved with this parameter
- Q: isn't revealing of the location of the credentials file
a security issue?

I don't think so. Everybody knows that passwords are stored in /etc/passwd. This does not make it less secure.

true

The credential file has the format:

username=...
password=...

(of soemthing similar if curl supports credentials from file)
plus a URL, in case the location is not part of the URL as the 'credentials' parameter. The URL could be the INI section name: [URL].

This kind of credential file was meant to be independent from the URL, i.e even usable with multiple URLs. Not a catalog of credentials.

Such a file should contain _one_ username/password pair. Nothing else.

I agree, i wrote "in case the location is not part of the URL as the 'credentials' parameter". I just say we need to put the URL there as long as the location of the cred. file is not supplied by the user. Or?

--
cheers,
jano
--
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups