Opened 12 years ago

Closed 12 years ago

Last modified 8 years ago

#374 closed enhancement (fixed)

Specify authentication credentials in configuration file

Reported by: Remy Blank <remy.blank@…>
Owned by: cmlenz
Priority: major
Milestone: 0.6
Component: General
Version: dev
Keywords:
Cc:
Operating System: Mac OS X

Description

Currently, the only way of passing authentication credentials to Bitten is on the command line. This is insecure, as the command line for all processes on a machine can often be seen by all users with e.g. ps.

It would be great if the credentials could be specified in the configuration file, which can then be protected using the standard filesystem permissions. The patch below does just that.

Attachments (2)

374-config-authentication-r602.patch (741 bytes) - added by Remy Blank <remy.blank@…> 12 years ago.
Patch against trunk allowing authentication credentials to be specified in the configuration file.
374-config-authentication-2-r602.patch (803 bytes) - added by Remy Blank <remy.blank@…> 12 years ago.
Don't send authentication information over the network

Change History (7)

Changed 12 years ago by Remy Blank <remy.blank@…>

Patch against trunk allowing authentication credentials to be specified in the configuration file.

comment:1 Changed 12 years ago by Remy Blank <remy.blank@…>

The credentials are added to the [authentication] section:

[authentication]
username=myusername
password=mypassword

comment:2 Changed 12 years ago by Remy Blank <remy.blank@…>

Oops, I have just noticed that this would send authentication information in cleartext to the build master. Not what you would call an improvement...

I'll try to come up with a better patch.

Changed 12 years ago by Remy Blank <remy.blank@…>

Don't send authentication information over the network

comment:3 follow-up: Changed 12 years ago by Remy Blank <remy.blank@…>

The second patch above removes the authentication key from the configuration file when the information has been extracted, so that it doesn't get sent over the network or logged.

comment:4 Changed 12 years ago by Remy Blank <remy.blank@…>

#235 requested the same feature.

comment:5 in reply to: ↑ 3 Changed 12 years ago by dfraser

  • Resolution set to fixed
  • Status changed from new to closed

Replying to Remy Blank <remy.blank@…>:

The second patch above removes the authentication key from the configuration file when the information has been extracted, so that it doesn't get sent over the network or logged.

Sounds fantastic - I've just committed it with only minor testing as r619
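
The approach discussed in this ticket, as an added Python example (not Bitten's code and not either attached patch): credentials are read from the [authentication] section, a configuration file accessible to group or others is refused, and the section is dropped before the remaining configuration is shared. The permission check, the [machine] section, the file name and the function names are assumptions of this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample; [authentication] follows comment:1, [machine] is made up.
SAMPLE = """\
[authentication]
username=myusername
password=mypassword
[machine]
name=builder1
"""

def load_credentials(path):
    """Return (username, password, config) with [authentication] stripped."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Assumption of this example (not Bitten behaviour): refuse a file that
    # group or others can access, since it would be as exposed as `ps` output.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s has mode %o; group/other access not allowed" % (path, mode))
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)
    username = config.get("authentication", "username", fallback=None)
    password = config.get("authentication", "password", fallback=None)
    # Drop the secrets once extracted so they are never sent on or logged.
    config.remove_section("authentication")
    return username, password, config

def shareable(config):
    # Flatten what is left, as it might be reported to a master or logged.
    return {"%s.%s" % (s, k): v for s in config.sections() for k, v in config.items(s)}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bitten.ini")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(SAMPLE)
        user, password, config = load_credentials(path)
        os.chmod(path, 0o644)  # now world-readable: must be rejected
        try:
            load_credentials(path)
        except PermissionError:
            return user, password, shareable(config), True
        return user, password, shareable(config), False

if __name__ == "__main__":
    print(demo())
```

The permission check relies on POSIX mode bits, so it is only meaningful on Unix-like systems.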
