On 28. mai. 2009, at 18.04, Paulo Carvalho wrote: > Thanks very much for the concern, but I fear having my username and > password in clear text recorded in user histories, server logs, etc. > is out of the question. Here in my environment, the login/password > pair is global, thus, someone reading such records can log in as me, > read my mail, make requests or even access critical data. > Is there some other [secure] way? If not I'll try to arrange an > open proxy, but I think gitorious could be evolved to support > authenticated proxies without too much exposure.
Paulo, What we're talking about is the authentication between you and your proxy server, this has absolutely nothing to do with Gitorious. Actually, it has very little to do with Git, as Git uses curl for its http connections. As with most other things, Git has plenty of ways to allow you to do this: - through an environment variable - through a per-repository git config setting - through your global git config settings For authenticated communication with Gitorious, the options are: - Git over SSH. This uses your public/private SSH key pair, which can be used either with a passphrase or not, the choice is yours - By using the web interface. Using the web interface, you're authenticated using a username/password combination. This information is submitted over an SSL connection, which should be very secure If you're concerned with the security involved in your proxy authentication, you should probably look into the proxy software. An option might be to use SSL certificates for authenticating towards the proxy server? Regards, - Marius --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Gitorious" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/gitorious?hl=en -~----------~----~----~----~------~----~------~--~---
