Not storing passwords in cleartext
Matthieu Moy
Matthieu.Moy at imag.fr
Thu Dec 1 09:19:37 GMT 2005
Robey Pointer <robey at lag.net> writes:
> It's true. In fact I can easily imagine a DAV site hosting several
> repositories, each with their own set of username/password.
I've been working with this configuration, but a simple
(host+username) -> password association is sufficient, because you can
provide the username in the URL:
http://user1@host.com/foo => will use user1
http://user2@host.com/foo => will use user2
>> How about a .ini file like
>>
>> [http://host.com]
>> login=<default login for host.com with http>
>> password=<defauld pass for host.com with http>
>> password=<password for user John> login=john
>> login=<login for http://host.com/webdav/jane directory> path=webdav/jane
>> password=<password for http://host.com/webdav/jane directory>
>> path=webdav/jane
>
> Maybe the formatting got messed up,
No :-)
> but that looks very confusing.
I have to agree, but the problem is a bit more complex than it seems.
> What if there was just a different section for each url, and you
> picked the closest-matching url?
>
> [http://example.com/webdav/jane]
> login=john
> password=abc
Then, you can't manage multiple passwords for the same URL. Or perhaps
repeating the URL multiple times in the file (is that allowed by INI
files ?).
[http://example.com/webdav/shared]
login=john
password=abc
[http://example.com/webdav/shared]
login=jane
password=defg
--
Matthieu
More information about the bazaar
mailing list