Authenticated Proxy support

Anand Pillai abpillai at
Thu Sep 1 09:21:30 BST 2005

HarvestMan too does not store your username/password in cleartext.
In HarvestMan everything is specified in a config.xml file as PCDATA
or attributes of elements which dictate the configuration.
   HarvestMan uses a simple cyclic XOR obfuscation (not encryption)
combined with hexing to store the proxy server ip/name, proxy username
and proxy password to provide a simple kind of security.

 For example if your proxy information is as follows,

proxy server :
username: alice
password: bob

Inside the config.xml file HarvestMan converts them to the following

proxy server: 02701f671e305d2447284535543a436d0e610c
username: 0d61086b0e
password: 0d6200

Clearly this looks like junk to the less skilled hacker. However, it
can be cracked in less than a minute if u know what is happening ;-)


On 9/1/05, Matthieu Moy <Matthieu.Moy at> wrote:
> Martin Pool <martinpool at> writes:
> > On 9/1/05, Dhruva Krishnamurthy (RBIN/EDI3) *
> > <Dhruva.Krishnamurthy at> wrote:
> >
> >>         I have faced big problems in trying to contribute to FSF/GNU
> >> projects (Emacs) as the version control they use (CVS/GNU Arch) does not
> >> support accessing remote repositories through authenticated proxy servers. I
> >> was wondering if Bazaar-NG has overcome this limitation.
> I have a patch for authenticated proxy via ~/.authinfo in my archive
> for tla.
> Bazaar 1.4 supports this without patching.
> > Hi Dhruva,
> >
> > It looks like the urlgrabber module used by bzr will already support
> > proxy authentication, if you just set the environment variable
> > http_proxy=http://user:pass@proxy/
> Nice, however, it would be nice to have another way to specify the
> password. I really don't like having passwords in environment
> variables.
> My implementation with a ~/.authinfo in Bazaar is slightly more
> secure. Your password still appears in cleartext, but only in one
> file. Ideally, it would be an agent like ssh-agent, keeping my
> password secure when I'm not logged in.
> --
> Matthieu

Anand B Pillai,
Senior Technical Analyst,
IPG-DC, Hewlett-Packard India Pvt Ltd,
Near Forum,Adugodi,
Bangalore - 560030.

More information about the bazaar mailing list