Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mask password passed in as command line arg like mysql #3680

Closed
ericcurtin opened this issue Mar 13, 2019 · 8 comments

Comments

Projects
None yet
2 participants
@ericcurtin
Copy link

commented Mar 13, 2019

I did this

curl -x https://user:password@your-proxy-ip-addess:12/ http://www.google.com

ps -ef | grep curl
curtine 7859 3321 0 17:32 pts/1 00:00:00 curl -x https://user:password@your-proxy-ip-addess:12/ http://www.google.com

I expected the following

Masked password for proxy password. Like mysql does https://unix.stackexchange.com/questions/78757/securely-feeding-a-program-with-a-password

curl/libcurl version

curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

operating system

ubuntu 18.04

@bagder bagder added the cmdline tool label Mar 13, 2019

@bagder

This comment has been minimized.

Copy link
Member

commented Mar 13, 2019

If you provide the name and password with the dedicated -U or --proxy-user flag then curl will (attempt to) hide it.

@bagder

This comment has been minimized.

Copy link
Member

commented Mar 14, 2019

I don't think we should clear the entire proxy string just because someone might pass their credentials there. We could consider scrubbing out them from the string, but since we have a working way to do this I don't think we have to.

@ericcurtin

This comment has been minimized.

Copy link
Author

commented Mar 14, 2019

Yes -U masks just fine. Good to know. Might be worth adding to man page.

bagder added a commit that referenced this issue Mar 14, 2019

@ericcurtin

This comment has been minimized.

Copy link
Author

commented Mar 14, 2019

I opened a PR but you were too fast for me @bagder #3684

I can close mine.

@ericcurtin

This comment has been minimized.

Copy link
Author

commented Mar 14, 2019

Thanks 😃

bagder added a commit that referenced this issue Mar 14, 2019

curl.1: --user and --proxy-user are hidden from ps output
Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680
@bagder

This comment has been minimized.

Copy link
Member

commented Mar 14, 2019

Hehe, I was a whole minute faster! 😆

bagder added a commit that referenced this issue Mar 14, 2019

curl.1: --user and --proxy-user are hidden from ps output
Suggested-by: Eric Curtin
Improved-by: Dan Fandrich
Ref: #3680

Closes #3683
@bagder

This comment has been minimized.

Copy link
Member

commented Mar 14, 2019

@ericcurtin are you ok with us closing this issue now?

@ericcurtin

This comment has been minimized.

Copy link
Author

commented Mar 14, 2019

👍

@ericcurtin ericcurtin closed this Mar 14, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.