[darcs-users] Re: get/pull with cookie?

Nimrod A. Abing nimrod.abing at gmail.com
Thu Aug 24 00:39:41 UTC 2006


On 8/17/06, Mark Stosberg <mark at summersault.com> wrote:
> Paul Chiusano wrote:
> > Is it possible for get/pull to use a cookie, or more generally, have
> > more control over the http request that gets sent when doing a get or
> > pull? I'd like to be able to just authenticate users via the browser,
> > then have darcs use the returned cookie when doing get/pulls.
> >
> > Alternately, is there some way to get darcs to respond to a '401
> > Authentication Required' header by querying the user for a username
> > and password?
>
> This should work:
>
> darcs pull http://user:pass@host.com
>
> Since darcs will remember the repo address by default, next time you
> can do just 'darcs pull', as normal.

This is what I have been using for my own restricted and read-only
repositories. The only problem with this is that the username and
password are sent in the clear, plus they get stored in at least 2
places. So you might want to consider the following:

- If you are using a shell with history features the command
containing your username and password will be stored in the history
file (.bash_history).

- As Mark pointed out above, the URL of your last used repository will
be stored in _darcs/prefs/repos. Since the username and password were
part of your URL, they will be stored also.

- If you use a proxy to connect to HTTP servers on the Internet, then
your proxy might store the URL in its cache.

The third case is not good if you are really paranoid about security
because if the proxy is provided by your ISP, then there is nothing
you can do about it.

HTTP Basic Authentication is not all that secure if you think about
it. But I use it because I found out that some bots (or programs
masquerading as bots) managed to crawl into the repository folder
despite the fact that it is named in my robots.txt file DENY list.
There are other ways to protect against this but HTTP Basic
Authentication is the simplest solution.

Just my two cents.
-- 
_nimrod_a_abing_

http://abing.gotdns.com
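
An added example, not part of the original post: a small audit script that looks for http(s) URLs with an embedded user:password in the two local places named above, _darcs/prefs/repos and .bash_history, and reports them with the password masked. The function names scan_text and scan_files are hypothetical, and the proxy cache and the cleartext transit mentioned in the post cannot be checked this way.

```python
import re
from pathlib import Path

# http(s) URL whose authority part carries "user:password@".
# Groups: scheme, username, password, rest of the URL (host, port, path).
CRED_URL = re.compile(r"(https?://)([^\s/@:'\"]+):([^\s/@'\"]+)@([^\s'\"]+)")


def scan_text(text):
    """Return [(line_number, masked_url)] for every credential-bearing URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CRED_URL.finditer(line):
            # Never echo the password itself into the report.
            masked = f"{m.group(1)}{m.group(2)}:***@{m.group(4)}"
            findings.append((lineno, masked))
    return findings


def scan_files(paths):
    """Scan each existing file; return {path: findings} for files with hits."""
    results = {}
    for p in paths:
        p = Path(p).expanduser()
        if not p.is_file():
            continue  # e.g. not inside a darcs working copy, or no history file
        hits = scan_text(p.read_text(errors="replace"))
        if hits:
            results[str(p)] = hits
    return results


if __name__ == "__main__":
    # Run from the top of the darcs working copy.
    targets = ["_darcs/prefs/repos", "~/.bash_history"]
    for path, hits in scan_files(targets).items():
        for lineno, url in hits:
            print(f"{path}:{lineno}: {url}")
```

Any line it reports is a place where the password sits in plain text on disk and should be treated as exposed to anyone who can read that file.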