[ Cc'ing to [EMAIL PROTECTED], as requested by Guillaume. ] Guillaume Morin <[EMAIL PROTECTED]> writes:
> this is from the "advanced usage" section of examples (info docs): > >> * If you want to encode your own username and password to HTTP or >> FTP, use the appropriate URL syntax (*note URL Format::). >> >> wget ftp://hniksic:[EMAIL PROTECTED]/.emacs > > this would let other users on the system to see your password using > "ps". it should have a big disclaimer. You're right. I'll apply this patch, which I think should add enough warnings to educate the unwary. 2002-04-10 Hrvoje Niksic <[EMAIL PROTECTED]> * wget.texi: Warn about the dangers of specifying passwords on the command line and in unencrypted files. Index: doc/wget.texi =================================================================== RCS file: /pack/anoncvs/wget/doc/wget.texi,v retrieving revision 1.62 diff -u -r1.62 wget.texi --- doc/wget.texi 2001/12/16 18:05:34 1.62 +++ doc/wget.texi 2002/04/10 21:40:32 @@ -285,6 +285,13 @@ @file{.netrc} file in your home directory, password will also be searched for there.} +@strong{Important Note}: if you specify a password-containing @sc{url} +on the command line, the username and password will be plainly visible +to all users on the system, by way of @code{ps}. On multi-user systems, +this is a big security risk. To work around it, use @code{wget -i -} +and feed the @sc{url}s to Wget's standard input, each on a separate +line, terminated by @kbd{C-d}. + You can encode unsafe characters in a @sc{url} as @samp{%xy}, @code{xy} being the hexadecimal representation of the character's @sc{ascii} value. Some common unsafe characters include @samp{%} (quoted as 
@@ -849,8 +856,15 @@ @code{digest} authentication scheme. Another way to specify username and password is in the @sc{url} itself -(@pxref{URL Format}). For more information about security issues with -Wget, @xref{Security Considerations}. +(@pxref{URL Format}). Either method reveals your password to anyone who +bothers to run @code{ps}. To prevent the passwords from being seen, +store them in @file{.wgetrc} or @file{.netrc}, and make sure to protect +those files from other users with @code{chmod}. If the passwords are +really important, do not leave them lying in those files either---edit +the files and delete them after Wget has started the download. + +For more information about security issues with Wget, @xref{Security +Considerations}. @cindex proxy @cindex cache @@ -975,6 +989,9 @@ authentication on a proxy server. Wget will encode them using the @code{basic} authentication scheme. +Security considerations similar to those with @samp{--http-passwd} +pertain here as well. + @cindex http referer @cindex referer, http @item --referer=@var{url} @@ -2409,6 +2426,10 @@ wget ftp://hniksic:mypassword@@unix.server.com/.emacs @end example +Note, however, that this usage is not advisable on multi-user systems +because it reveals your password to anyone who looks at the output of +@code{ps}. + @cindex redirecting output @item You would like the output documents to go to standard output instead of 
@@ -2773,10 +2794,12 @@ main issues, and some solutions. @enumerate -@item -The passwords on the command line are visible using @code{ps}. If this -is a problem, avoid putting passwords from the command line---e.g. you -can use @file{.netrc} for this. +@item The passwords on the command line are visible using @code{ps}. +The best way around it is to use @code{wget -i -} and feed the @sc{url}s +to Wget's standard input, each on a separate line, terminated by +@kbd{C-d}. Another workaround is to use @file{.netrc} to store +passwords; however, storing unencrypted passwords is also considered a +security risk. @item Using the insecure @dfn{basic} authentication scheme, unencrypted
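Review bot: In the @@ -285,6 +285,13 @@ hunk the @code{wget -i -} workaround is only as safe as the way the @sc{url}s reach standard input: `echo 'ftp://user:pass@host/file' | wget -i -` puts the password into the shell's history file (and, with an external echo, briefly into that process's argument list), and typing the @sc{url} at the terminal, which the "terminated by @kbd{C-d}" wording implies, echoes the password on screen. Suggest saying where the list should come from, e.g. "keep the @sc{url}s in a file that only you can read and pass it with @code{-i}, or feed them on standard input", and adding that this does not help with a password given via @samp{--http-passwd} on the command line, which is still visible to @code{ps}.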
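Review bot: In the @@ -849,8 +856,15 @@ hunk "protect those files from other users with @code{chmod}" should name the mode, e.g. "@code{chmod 600 ~/.netrc}"; a reader who needs this warning will not know which bits to clear. The re-flowed last sentence also keeps @xref after a comma: @xref emits "See" and is meant to start a sentence, so "For more information about security issues with Wget, @xref{Security Considerations}." should use @ref (or @pxref), as the hunk itself does with "(@pxref{URL Format})".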
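Review bot: In the @@ -975,6 +989,9 @@ hunk "Security considerations similar to those with @samp{--http-passwd} pertain here as well" tells the reader neither what the risk is nor which workaround applies; state it directly, e.g. "Like @samp{--http-passwd}, a password given here is visible to every user on the system through @code{ps}; put it in @file{.wgetrc} instead and protect that file with @code{chmod 600}." Since @file{.netrc} entries are keyed by host name, the proxy case should point at @file{.wgetrc} specifically unless Wget also consults @file{.netrc} for proxy credentials.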
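Review bot: In the @@ -2409,6 +2426,10 @@ hunk the added paragraph says the example is "not advisable on multi-user systems" but leaves the insecure form as the only one shown in the Advanced Usage list; an examples section should show the recommended form next to the warning (the @code{wget -i -} idiom from the URL Format note, or a @file{.netrc} entry), or at least @pxref{Security Considerations} so the reader finds the alternatives.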
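Review bot: In the @@ -2773,10 +2794,12 @@ hunk the item now claims the best way around command-line password exposure is @code{wget -i -}, but that only covers passwords embedded in @sc{url}s; a password passed via @samp{--http-passwd} or @samp{--proxy-passwd} (options this same patch touches) stays in the argument list regardless, so either scope the sentence to @sc{url} passwords or mention @file{.wgetrc} for the option form. The edit also moves @item onto the same line as its text ("@item The passwords on the command line are visible using @code{ps}.") while the next "@item" in the same @enumerate stays on its own line; keep one style.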