Michael Andres wrote:
On Tue, Sep 16, Jan Kupec wrote:
look at the file provided as ?credentials=/absolute/path/credfile
- the URL has to be saved with this parameter
- Q: isn't revealing of the location of the credentials file a security issue?
I don't think so. Everybody knows that passwords are stored in /etc/passwd. This does not make it less secure.
true
The credential file has the format:
username=...
password=...
(or something similar if curl supports credentials from file) plus a URL, in case the location is not part of the URL as the 'credentials' parameter. The URL could be the INI section name: [URL].
This kind of credential file was meant to be independent from the URL, i.e. even usable with multiple URLs. Not a catalog of credentials.
Such a file should contain _one_ username/password pair. Nothing else.
I agree, I wrote "in case the location is not part of the URL as the 'credentials' parameter". I just say we need to put the URL there as long as the location of the cred. file is not supplied by the user. Or?
--
cheers, jano
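The single-pair credentials file discussed in this thread, as an added example that is not part of the original messages and is not zypp's code: it takes the path from the URL's 'credentials' parameter and reads exactly one username=/password= pair. The function names, the owner-only permission check, and the tolerance for blank lines are assumptions of this example; because the path is visible in the URL, the example relies on file permissions rather than on the location being unknown.

```python
import os
import stat
from urllib.parse import parse_qs, urlsplit


class CredentialFileError(Exception):
    """The 'credentials' reference or the file content is unusable."""


def credentials_path(url):
    """Return the path in the URL's 'credentials' parameter, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("credentials")
    if not values:
        return None
    if len(values) != 1 or not os.path.isabs(values[0]):
        raise CredentialFileError("'credentials' must be a single absolute path")
    return values[0]


def load_credentials(path):
    """Read exactly one username/password pair; reject anything else."""
    with open(path, encoding="utf-8") as fh:
        # fstat the open descriptor so the check and the read see the same file.
        mode = os.fstat(fh.fileno()).st_mode
        if not stat.S_ISREG(mode):
            raise CredentialFileError("not a regular file")
        # Assumption: the path is public, so only the owner may have access.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialFileError("file is accessible to group or others")
        pair = {}
        for lineno, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line.strip():
                continue  # blank lines are tolerated (assumption)
            key, sep, value = line.partition("=")
            key = key.strip()
            # Only the first '=' splits, so a password may itself contain '='.
            if not sep or key not in ("username", "password") or key in pair:
                raise CredentialFileError(f"line {lineno}: unexpected content")
            pair[key] = value
    if len(pair) != 2:
        raise CredentialFileError("need both username= and password=")
    return pair["username"], pair["password"]
```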