Thus said Daniel Dumitriu on Fri, 11 Dec 2015 23:18:41 +0100:

> By the way: Does the whole reasoning not hold for https URLs? They
> allow a password on the command line, too.

HTTP(S) URLs behave differently than SSH because they are different protocols/systems. The password in HTTP(S) is not a system login, but is rather a Fossil username/password. There is nothing with which Fossil must interact because all it does is take your password, pick a nonce, and then make a signature that gets transmitted to the remote host:

http://www.fossil-scm.org/index.html/artifact/5d5c19958bad3b0de0be4f47ad022c689be0d543?txt=1&ln=40,51

Whereas with SSH, using the password necessarily means that Fossil has to interact with SSH in some fashion by looking for a password prompt (because SSH typically does not allow passing in passwords non-interactively and implementations of such are non-standard). The only way SSH allows non-interactive authentication is to use keys.

> Was done. The user name is still cut off at a possible colon
> (now undocumented), but I guess that's ok, given the usual
> [a-z_][a-z0-9_-]*[$] rule for user names.

Likely on all Unix systems, : is not allowed in a username, but that doesn't mean that there are other systems that don't allow it, so perhaps Fossil should not treat the : as special. To make the documentation more accurate and to not silently truncate data in the username, should Fossil not treat the : as special for the SSH protocol?

Andy
--
TAI64 timestamp: 40000000566c5afe
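The username truncation raised at the end of this message, as an added example (not Fossil's code and not part of the thread): a hypothetical `split_userinfo` helper parses one constructed URL twice, once treating `:` as the user/password separator and once not, to show that the first mode silently drops part of a login name that contains a colon.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (an assumption for illustration, not Fossil's parser):
 * copy the userinfo part of scheme://userinfo@host/path into user/pass.
 *   colon_is_special = 1: split at the first ':' (user:password form)
 *   colon_is_special = 0: the whole userinfo is the user name
 * Returns 0 on success, -1 if there is no userinfo or a buffer is too small. */
int split_userinfo(const char *url, int colon_is_special,
                   char *user, size_t ulen, char *pass, size_t plen)
{
    const char *p = strstr(url, "://");
    if (p == NULL) return -1;
    p += 3;
    size_t authlen = strcspn(p, "/");        /* authority ends at first '/' */
    const char *at = NULL;
    for (size_t i = 0; i < authlen; i++)     /* last '@' ends the userinfo  */
        if (p[i] == '@') at = p + i;
    if (at == NULL) return -1;

    size_t infolen = (size_t)(at - p);
    size_t userlen = infolen;
    /* Search only inside the userinfo, so a ':port' after '@' is ignored. */
    const char *colon = colon_is_special ? memchr(p, ':', infolen) : NULL;
    if (colon != NULL) userlen = (size_t)(colon - p);
    size_t passlen = (colon != NULL) ? infolen - userlen - 1 : 0;
    if (userlen >= ulen || passlen >= plen) return -1;

    memcpy(user, p, userlen);
    user[userlen] = '\0';
    if (colon != NULL) memcpy(pass, colon + 1, passlen);
    pass[passlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: a login name that itself contains ':' */
    const char *url = "ssh://CORP:builder@host.example/repo.fossil";
    char user[64], pass[64];
    for (int special = 1; special >= 0; special--) {
        if (split_userinfo(url, special, user, sizeof user, pass, sizeof pass) == 0)
            printf("colon special=%d -> user=\"%s\" pass=\"%s\"\n",
                   special, user, pass);
    }
    return 0;
}
```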

