On Sat, Feb 1, 2014 at 2:14 AM, Kevin Martin <ke...@khn.org.uk> wrote:
> > On 1 Feb 2014, at 05:03, Andy Bradford <amb-fos...@bradfords.org> wrote: > > > If everyone else agrees that this is a good idea (automatically sending > > HTTP Authorization in response to 401) > > How does fossil authenticate with a server, does it send the password > plaintext? HTTP Basic Auth does! > > I'm not sure whether this should just happen by default unless the > connection is HTTPS as defaulting to sending plaintext auth data over HTTP > seems like a bad idea. > > Also I never knew about prefixing the password with #, for me documenting > that is enough. I'm happy now using it as is. > I've got a whole bunch of users who will be glad to have this option available. Think of the impression fossil will leave on them if they have to put a # in the password. It seems a little lame to me. In my opinion fossil should prompt the user for username/password as appropriate on receipt of a 401. If the channel is not ssl then a warning/are you sure would be a good idea. BTW, it is really cool that http basic auth is supported, my thanks to all those contributing to the thread and to the fossil developers for fossil. Thanks, Matt -=- > Thanks, > Kevin > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > -- Matt -=- 90% of the nations wealth is held by 2% of the people. Bummer to be in the majority...
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
