Authenticated Proxy support
abpillai at gmail.com
Thu Sep 1 09:21:30 BST 2005
HarvestMan too does not store your username/password in cleartext.
In HarvestMan everything is specified in a config.xml file as PCDATA
or attributes of elements which dictate the configuration.
HarvestMan uses a simple cyclic XOR obfuscation (not encryption)
combined with hexing to store the proxy server ip/name, proxy username
and proxy password to provide a simple kind of security.
For example if your proxy information is as follows,
proxy server : proxy.mycompany.com
Inside the config.xml file HarvestMan converts them to the following
proxy server: 02701f671e305d2447284535543a436d0e610c
Clearly this looks like junk to the less skilled hacker. However, it
can be cracked in less than a minute if u know what is happening ;-)
On 9/1/05, Matthieu Moy <Matthieu.Moy at imag.fr> wrote:
> Martin Pool <martinpool at gmail.com> writes:
> > On 9/1/05, Dhruva Krishnamurthy (RBIN/EDI3) *
> > <Dhruva.Krishnamurthy at in.bosch.com> wrote:
> >> I have faced big problems in trying to contribute to FSF/GNU
> >> projects (Emacs) as the version control they use (CVS/GNU Arch) does not
> >> support accessing remote repositories through authenticated proxy servers. I
> >> was wondering if Bazaar-NG has overcome this limitation.
> I have a patch for authenticated proxy via ~/.authinfo in my archive
> for tla.
> Bazaar 1.4 supports this without patching.
> > Hi Dhruva,
> > It looks like the urlgrabber module used by bzr will already support
> > proxy authentication, if you just set the environment variable
> > http_proxy=http://user:pass@proxy/
> Nice, however, it would be nice to have another way to specify the
> password. I really don't like having passwords in environment
> My implementation with a ~/.authinfo in Bazaar is slightly more
> secure. Your password still appears in cleartext, but only in one
> file. Ideally, it would be an agent like ssh-agent, keeping my
> password secure when I'm not logged in.
Anand B Pillai,
Senior Technical Analyst,
IPG-DC, Hewlett-Packard India Pvt Ltd,
Bangalore - 560030.
More information about the bazaar