~/.cabal/config does not allow setting a http proxy #1138

gsauthof opened this Issue Dec 4, 2012 · 0 comments


None yet

2 participants

gsauthof commented Dec 4, 2012

Cabal uses Network.HTTP.Proxy which looks up proxy settings via the http_proxy and HTTP_PROXY environment variables.

(Under Windows it also queries the registry for a proxy setting).

Thus, to use cabal behind a proxy one has to put all proxy information into an environment variable.

This is a security related issue when following conditions apply:

  1. working on a multi-user system
  2. a user is able to inspect the environment variables of other users (e.g. on Solaris this is the case)
  3. Proxy access is restricted via username/password

Sure, one can argue that the issue is not that big because most users don't work on multi-user systems, even less use systems like Solaris and most proxy password are not that secret.

But still.

To fix this there are a few possibilities:

  • add http proxy server/username/password options to ~/.cabal/config
  • modify Network.HTTP.Proxy such that it also looks up possibly configured proxy settings via ~/.curlrc, ~/.wgetrc etc.
@ttuegel ttuegel added this to the _|_ milestone Apr 23, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment