pr-1237/derrickstolee/creds-in-url-v2
tagged this
27 May 13:27
From: Derrick Stolee <derrickstolee@github.com>

Users sometimes provide a "username:password" combination in their plaintext URLs. Since Git stores these URLs in plaintext in the .git/config file, this is a very insecure way of storing these credentials. Credential managers are a more secure way of storing this information. System administrators might want to prevent this kind of use by users on their machines.

Create a new "fetch.credentialsInUrl" config option and teach Git to warn or die when seeing a URL with this kind of information. The warning anonymizes the sensitive information of the URL to be clear about the issue.

This change currently defaults the behavior to "allow" which does nothing with these URLs. We can consider changing this behavior to "warn" by default if we wish. At that time, we may want to add some advice about setting fetch.credentialsInUrl=ignore for users who still want to follow this pattern (and not receive the warning).

As an attempt to ensure the parsing logic did not catch any unintentional cases, I modified this change locally to use the "die" option by default. Running the test suite succeeds except for the explicit username:password URLs used in t5550-http-fetch-dumb.sh and t5541-http-push-smart.sh. This means that all other tested URLs did not trigger this logic.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Submitted-As: https://lore.kernel.org/git/pull.1237.v2.git.1653658034086.gitgitgadget@gmail.com
In-Reply-To: https://lore.kernel.org/git/pull.1237.git.1653329044940.gitgitgadget@gmail.com
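The check described above, as an added example that is not Git's own code: a small Python audit that finds "username:password" remote URLs in git-config text, redacts the password before reporting it, and applies the allow/warn/die policy. The `<redacted>` placeholder, the `audit` helper and the sample config are assumptions of this example; the exact anonymized form Git prints is not given on this page.

```python
"""Audit git remote URLs for embedded credentials (example, not Git's code)."""
import re
from urllib.parse import urlsplit, urlunsplit

# Minimal parser for the [remote "name"] / url = ... lines of a .git/config.
_SECTION = re.compile(r'^\s*\[remote\s+"([^"]+)"\]\s*$')
_URL_KEY = re.compile(r'^\s*url\s*=\s*(\S+)\s*$')

# Constructed sample config: one remote with credentials, one without.
SAMPLE_CONFIG = """[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://alice:s3cret@example.com/repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
    url = https://example.com/upstream.git
"""

def remote_urls(config_text):
    """Yield (remote_name, url) for every url key inside a [remote "..."] section."""
    remote = None
    for line in config_text.splitlines():
        m = _SECTION.match(line)
        if m:
            remote = m.group(1)
            continue
        if line.strip().startswith("["):  # any other section ends the remote
            remote = None
            continue
        m = _URL_KEY.match(line)
        if m and remote is not None:
            yield remote, m.group(1)

def credentials_in_url(url):
    """True when the URL's userinfo part contains a password ("user:pass@host")."""
    return urlsplit(url).password is not None  # scp-style git@host:path has none

def anonymize_url(url):
    """Replace the password with a placeholder, keeping scheme, user, host and path."""
    p = urlsplit(url)
    if p.password is None:
        return url
    host = p.hostname or ""
    host = f"[{host}]" if ":" in host else host  # re-bracket IPv6 literals
    netloc = f"{p.username}:<redacted>@{host}" + (f":{p.port}" if p.port else "")
    return urlunsplit((p.scheme, netloc, p.path, p.query, p.fragment))

def audit(config_text, mode="warn"):
    """Return (verdict, findings) under the allow/warn/die policy; findings are redacted."""
    findings = [(n, anonymize_url(u)) for n, u in remote_urls(config_text) if credentials_in_url(u)]
    if mode == "allow" or not findings:
        return "ok", [] if mode == "allow" else findings
    return ("die" if mode == "die" else "warn"), findings
```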