Specify authentication credentials in configuration file

[Remy Blank <remy.blank@…>]

Currently, the only way of passing authentication credentials to Bitten is on the command line. This is insecure, as the command line for all processes on a machine can often be seen by all users with e.g. ps.

It would be great if the credentials could be specified in the configuration file, which can then be protected using the standard filesystem permissions. The patch below does just that.

[Remy Blank <remy.blank@…>]

Patch against trunk allowing to specify authentication credentials in the configuration file.

[Remy Blank <remy.blank@…>]

The credentials are added to the [authentication] section:

[authentication]
username=myusername
password=mypassword

[Remy Blank <remy.blank@…>]

Oops, I have just noticed that this would send authentication information in cleartext to the build master. Not what you would call an improvement...

I'll try to come up with a better patch.

[Remy Blank <remy.blank@…>]

Don't send authentication information over the network

[Remy Blank <remy.blank@…>]

The second patch above removes the authentication key from the configuration file when the information has been extracted, so that it doesn't get sent over the network or logged.

[Remy Blank <remy.blank@…>]

#235 requested the same feature.

[dfraser]

Replying to Remy Blank <remy.blank@…>:

The second patch above removes the authentication key from the configuration file when the information has been extracted, so that it doesn't get sent over the network or logged.

Sounds fantastic - I've just committed it with only minor testing as r619