I've been looking at Git and cURL and I found some references to .netrc, which may help with HTTP authentication. The problem is: .netrc is dumb, because it stores passwords in plain text format, which is a big security issue for the solution I'm developing.
Is there an alternative to the .netrc approach? Is it possible to develop an "authentication backend" to cURL?
curl searches the .netrc file for a machine token that matches the remote machine specified in the URL. Once a match is made, the subsequent .netrc tokens are processed, stopping when the end of file is reached or another machine is encountered.
One way to avoid passing the user name and password on the command line is to instead use a .netrc file or a config file. You can also use the -u option without specifying the password, and then curl will instead prompt the user for it when it runs.
A netrc file (.netrc or _netrc) is used to hold credentials necessary to login to your LabKey Server and authorize access to data stored there. The netrc file contains authentication for connecting to one or more machines, often used when working with APIs or scripting languages.
A .netrc file presents a significant security risk since it stores passwords in unencrypted form. Even if FTP is disabled, user accounts may have brought over .
Update April 2013, git 1.8.3:
A new read-only credential helper (in contrib/) to interact with the .netrc/.authinfo files has been added.
That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.
To enable this credential helper:
git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'
(Note that Git will prepend "git-credential-" to the helper name and look for it in the path.)
See a full example at "Is there a way to skip password typing when using https:// github".
Original answer (March 2011)
The only alternative (except not using it and going through ssh) would be to:
crypt
Note that on Unix, that file is normally in mode 600, only visible by you.
On Windows (_netrc), that file should be in your HOMEDIR, which shouldn't be accessible (through Windows ACL) to any other users.
But I still don't like a password in plain text...
This thread, for example, goes through the same process (on Unix for gpg, but it still illustrates the solution nicely):
Below I have included a sample script implementing the usage of 'gpg', which can be used to encrypt the contents of a file. It's in shell script, however I'm sure you can adapt the concept to your perl script.
I think for your needs the basic idea is:
1. create a plain-text file with your password (and other info)
2. encrypt it using gpg and store the encrypted file; dispose of the plain-text file
3. Within the perl script, decrypt the encrypted file into a plain-text file
4. read contents of plain-text file during runtime of your script
5. delete plain-text file as soon as possible.
Here's just an example of the workings of gpg:
#!/bin/sh
# Prompt for the password without echoing it to the terminal
printf "Enter your password: "
stty -echo; read -r pass; stty echo; echo
FILE=~/mypassword
umask 077                        # files created below are readable only by this user
printf '%s\n' "$pass" > "$FILE"  # transient plain-text copy
gpg -c "$FILE"                   # symmetric encryption, produces $FILE.gpg
rm -f "$FILE"                    # dispose of the plain-text copy
gpg "$FILE.gpg"                  # decrypt back to $FILE (prompts for the passphrase)
MYPASSWORD=$(cat "$FILE")
rm -f "$FILE"                    # delete the plain-text copy as soon as possible
echo "$MYPASSWORD"
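The answer above points at git's contrib credential helper that reads a gpg-encrypted netrc, which is the "authentication backend" the question asks for. The following is an added example of how such a helper is built (it is not the contrib script and not part of the original thread): it speaks git's credential protocol (key=value request on stdin for the `get` operation, `username=`/`password=` lines on stdout), parses netrc text including `default` entries and quoted passwords, and decrypts the file into memory only, so no plain-text copy ever touches disk. The file location `~/.netrc.gpg`, the helper's script name and the sample netrc/request text are assumptions and constructed data.

```python
"""Minimal read-only git credential helper backed by a gpg-encrypted netrc.

Added example; not the helper shipped in git's contrib/ directory.
Assumed (not on the page): the encrypted file is ~/.netrc.gpg and the helper
is registered with
    git config credential.helper '/path/to/netrc_gpg_helper.py'
git then runs it as `<helper> get` with a key=value request on stdin.
"""
import os
import shlex
import subprocess
import sys

ENCRYPTED_NETRC = os.path.expanduser("~/.netrc.gpg")  # assumed location

# Constructed sample data for stand-alone use; a real helper reads the request
# from stdin and the netrc from gpg output.
SAMPLE_NETRC = (
    'machine github.com login alice password "s3cr#t pw"\n'
    "# comment lines are ignored, even if they mention login or password\n"
    "default login guest password letmein\n"
)
SAMPLE_REQUEST = "protocol=https\nhost=github.com\n\n"


def parse_request(text):
    """Parse git's credential request: key=value lines, ended by a blank line."""
    request = {}
    for line in text.splitlines():
        if not line:
            break
        key, sep, value = line.partition("=")
        if sep:
            request[key] = value
    return request


def parse_netrc(text):
    """Tokenise netrc text into {machine: {"login": ..., "password": ...}}.

    Supports 'machine', 'default', 'login', 'password' and 'account'; values
    may be shell-style quoted. 'macdef' blocks are not supported and their
    tokens are skipped.
    """
    lines = [ln for ln in text.splitlines() if not ln.lstrip().startswith("#")]
    tokens = shlex.split("\n".join(lines), comments=False)
    entries, current, i = {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine" and i + 1 < len(tokens):
            current = entries.setdefault(tokens[i + 1], {})
            i += 2
        elif tok == "default":
            current = entries.setdefault("default", {})
            i += 1
        elif tok in ("login", "password", "account") and current is not None \
                and i + 1 < len(tokens):
            current[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1  # unknown token: skip
    return entries


def lookup(entries, host):
    """Entry for host, falling back to 'default' as the netrc format specifies."""
    entry = entries.get(host) or entries.get("default")
    if entry and "login" in entry and "password" in entry:
        return entry
    return None


def handle_get(request, entries):
    """Response for a 'get' operation; empty output lets git try the next helper."""
    host = request.get("host")
    entry = lookup(entries, host) if host else None
    if entry is None:
        return ""
    # If git already knows the username (from the URL), only answer when it matches.
    if request.get("username") not in (None, entry["login"]):
        return ""
    return "username=%s\npassword=%s\n" % (entry["login"], entry["password"])


def decrypt_netrc(path=ENCRYPTED_NETRC):
    """Decrypt the netrc into memory; nothing is written to disk."""
    out = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt", path],
                         check=True, capture_output=True, text=True)
    return out.stdout


def main():
    op = sys.argv[1] if len(sys.argv) > 1 else ""
    if op != "get":  # 'store' and 'erase' are ignored: this helper is read-only
        return 0
    request = parse_request(sys.stdin.read())
    entries = parse_netrc(decrypt_netrc())
    sys.stdout.write(handle_get(request, entries))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because the helper hands credentials to git on stdout and discards them, the plain-text secret only exists in the helper's memory for the duration of one `get`; the encrypted file at rest is protected by the gpg passphrase (or gpg-agent), which replaces the mode-600 plain-text .netrc the question objects to.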