_netrc /替代的.netrc卷曲 [英] _netrc/.netrc alternative to cURL
问题描述
我一直在寻找的Git和卷曲,我发现有关的.netrc一些参考,可以帮助对HTTP认证。现在的问题是:一.netrc是愚蠢的,因为它存储密码以纯文本格式,这是一种大安全我开发的解决问题。
有没有办法的.netrc替代?它可以开发一个认证后端卷曲?
更新的 2013年4月,混帐1.8.3 :
A 新的只读凭据帮手 (适用于
的contrib /)与之交互的的.netrc / .authinfo文件已添加。该脚本将允许您使用GPG加密文件NETRC ,避免其存储在一个纯文本文件的凭据的问题。
要启用此凭据帮手:
混帐配置credential.helper'$短名称-f AUTHFILE1 -f AUTHFILE2
(请注意,Git会prePEND
混帐凭据 -,以辅助名称和寻找它
在路径中。)参见一个完整的例子有没有办法使用时跳过密码输入
HTTPS: // github上原来的答复(2011年3月)
唯一的选择(除了不使用它,并通过SSH会)将是:
- 加密文件(例如,在Windows上,公用程序
地穴')- 只是卷曲呼叫
之前解密- 则卷曲呼叫
后立即再次对其进行加密需要注意的是在Unix上,该文件是通常模式600,只有您能看到。结果
在Windows(_netrc),该文件应该在你的HOMEDIR,这不应该访问(通过Windows ACL )任何其他用户。结果
但我还是不喜欢明文密码...此线程时,例如,经过同样的过程(在Unix上为GPG,但它仍然很好地说明了该解决方案):
下面我已经包括实施的
GPG'的使用,它可以用来将一个文件的内容进行加密的示例脚本。它在shell脚本,但是我敢肯定,你可以观适应你的perl脚本。
我觉得您需要的基本思路是:
- 创建一个纯文本文件,你的密码(和其他信息)
- 使用它加密
GPG并存储加密的文件;处置的纯文本文件的
- 在perl脚本,解密加密文件转换成纯文本文件
- 您的脚本运行时读取纯文本文件的内容
- 尽快删除纯文本文件。
下面只是GPG的运作的例子:
#!/ bin / sh的
呼应-n输入您的密码:
读通过FILE =〜/输入mypassword
回声$ PASS> $ FILE
GPG -C $ FILE
RM -f $ FILEGPG $ FILE.gpg
MYPASSWORD =`$猫FILE`
RM -f $ FILE回声$ MYPASSWORDI've been looking at Git and cURL and I found some references about .netrc, that may help on http auth. The problem is: .netrc is dumb because it stores passwords in plain text format, which is a big security issue for the solution I'm developing.
Is there an alternative to .netrc approach? It is possible to develop an "authentication backend" to cURL?
解决方案Update April 2013, git 1.8.3:
A new read-only credential helper (in
contrib/) to interact with the.netrc/.authinfofiles has been added.That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.
To enable this credential helper:
git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'
(Note that Git will prepend "
git-credential-" to the helper name and look for it in the path.)See a full example at "Is there a way to skip password typing when using
https:// github"
Original answer (March 2011)
The only alternative (except not using it and going through ssh) would be to:
- encrypt that file (for instance, on Windows, with the utility '
crypt')- decrypt it just before the curl call
- then encrypt it again right after the curl call
Note that on Unix, that file is normally in mode 600, only visible by you.
On Windows (_netrc), that file should be in yourHOMEDIR, which shouldn't be accessible (through Windows ACL) to any other users.
But I still don't like a password in plain text...This thread, for example, goes through the same process (on Unix for gpg, but it still illustrates the solution nicely):
Below I have included a sample script implementing the usage of '
gpg', which can be used to encrypt the contents of a file. It's in shell script, however I'm sure you can adapt the concept to your perl script.I think for your needs the basic idea is:
- create a plain-text file with your password (and other info)
- encrypt it using
gpgand store the encrypted file; dispose of the plain-text file- Within the perl script, decrypt the encrypted file into a plain-text file
- read contents of plain-text file during runtime of your script
- delete plain-text file as soon as possible.
Here's just an example of the workings of gpg:
#!/bin/sh echo -n "Enter your password: " read pass FILE=~/mypassword echo $pass > $FILE gpg -c $FILE rm -f $FILE gpg $FILE.gpg MYPASSWORD=`cat $FILE` rm -f $FILE echo $MYPASSWORD
这篇关于_netrc /替代的.netrc卷曲的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
