On Tue, Jan 09, 2007 at 04:24:48PM +0200, Mark Goldstein wrote: > On 1/9/07, Mark Goldstein <[EMAIL PROTECTED]> wrote: > >On 1/9/07, Mark Goldstein <[EMAIL PROTECTED]> wrote: > >> On 1/9/07, Dinar Valeev <[EMAIL PROTECTED]> wrote: > >> > >> Set a proxy URL > >> rug set proxy-url url_path > > > >Hi Dinar, > > > >I defined proxy in Yast2 and rug works fine, so it looks like rug now > >uses proxy setting from /etc/sysconfig/proxy (I remember that in 10.0 > >rug -- then part of Red Carpet -- used its own settings. > > > >But zypper fails. I'll re-check though. > > > > Hmmm, it was something else. Maybe temporary unaccessible repository. > Now zypper works fine. > > BTW, it uses proxy user and password from /root/.curlrc. > This file, though readable by root only, contains password in plain test. > I think it's not a good idea. Anyone with an access to Linux machine > can use another system (e.g. Knoppix, or Windows on dual boot machine) > and read it, unless /root is stored on encrypted FS. > > I actually asked the same question on Novell forum regarding the Red > Carpet (about a year ago), since rug had also stored unencrypted proxy > password in the plain file, but have not got reasonable answer.
If you can read those files than you have root access and break this system in any other imaginable way too. Protecting such files further is not really necessary in light of this. Ciao, Marcus -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
