Re: [git-users] Git push URL encoding issue

2015-09-03 Thread Konstantin Khomoutov
On Thu, 3 Sep 2015 10:01:01 -0700 (PDT)
Bideep Bezbaruah  wrote:

> This is a service consumed by many users and there is a validation 
> requirement where every user trying to use this service, needs to be 
> authenticated against the repo that is passed. For ex: User '23784'
> needs to be authenticated against
> https://github.company.com/abcd/devrepo URL before allowing to
> proceed further.

Yes, this is quite obvious. This is how any single-pass authentication
works. ;-)

> I know about the security concern and also this
> works with GitHub access tokens and even with passwords without
> special characters. Just trying to see if there is a way to make it
> work with encoded password.

Maybe I failed to convey my question properly, but *normally* you
don't encode credentials into URLs when working with Git, and instead
you're either using the so-called "netrc" file for libcurl (a library
used by Git to access repos via http[s]://) or a credential helper
-- a program which supplies Git with credentials (which it obtains from
whatever medium it is taught to operate with).

So the question remains: why are you trying to solve this problem
asswards instead of just doing what everyone else normally does?
And so maybe it's just simpler to learn about the netrc file and use
it -- hence forgoing the original problem completely?

-- 
You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
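
A credential helper of the kind recommended in the message above, as an added example that is not part of the original thread. The helper name `git-credential-svc` and the environment variables `GIT_SVC_HOST`, `GIT_SVC_USER` and `GIT_SVC_PASS` are assumptions made for illustration; the password is handed to Git verbatim, so characters such as `@` and `$` need no percent-encoding and never appear in a URL or process list.

```shell
#!/bin/sh
# Added example: minimal Git credential helper (not code from the thread).
# Git runs a helper as "<helper> get|store|erase" and writes key=value
# attributes (protocol, host, ...) on stdin, ended by a blank line or EOF.
# Assumption: the calling service exports the hypothetical variables
# GIT_SVC_HOST, GIT_SVC_USER and GIT_SVC_PASS for the user being checked.

credential_helper() {
    op=$1
    protocol='' host=''
    # Parse the attribute block Git sends on stdin.
    while IFS= read -r line; do
        [ -z "$line" ] && break
        case $line in
            protocol=*) protocol=${line#protocol=} ;;
            host=*)     host=${line#host=} ;;
        esac
    done
    # Only answer lookups; store/erase are ignored so nothing is persisted.
    [ "$op" = get ] || return 0
    # Never release the secret over plain http or to an unexpected host.
    [ "$protocol" = https ] || return 0
    [ "$host" = "${GIT_SVC_HOST:-}" ] || return 0
    [ -n "${GIT_SVC_USER:-}" ] && [ -n "${GIT_SVC_PASS:-}" ] || return 0
    # The password is emitted as-is: no encoding of '@', '$' and the like.
    printf 'username=%s\npassword=%s\n' "$GIT_SVC_USER" "$GIT_SVC_PASS"
}

# Installed on PATH as git-credential-svc (hypothetical name) and enabled
# with "git config credential.helper svc", the push then uses a URL that
# carries no credentials:
#   git push https://github.company.com/abcd/devrepo master:master
case ${0##*/} in
    git-credential-*) credential_helper "$@" ;;
esac
```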


Re: [git-users] Git push URL encoding issue

2015-09-03 Thread Konstantin Khomoutov
On Thu, 3 Sep 2015 09:24:40 -0700 (PDT)
Bideep Bezbaruah  wrote:

> I have a use case to push files to git using command like:
> 
> git push https://:github.company.com/abcd/devrepo 
> > master:master
> 
> But, if the password contains special characters like ‘@’ and ‘$’, I
> am converting it to hex code like ‘%40’ and %24.
> 
> So, the URL looks like
> 
> https://23784:abcd%40%241...@github.company.com/abcd/devrepo
> 
> I was thinking it should work since I am encoding the special
> character, but it throws 403 error every time. This works fine for
> password without special characters where we don’t need to encode any
> characters.

Before we try to do something about this...

Your approach stinks security-wise.  Are you sure you really do have no
technical possibility to use ~/.netrc or a custom Git credential helper
to make this work without encoding credentials into URLs?



Re: [git-users] Git push URL encoding issue

2015-09-03 Thread Bideep Bezbaruah
This is a service consumed by many users and there is a validation 
requirement where every user trying to use this service, needs to be 
authenticated against the repo that is passed. For ex: User '23784' needs 
to be authenticated against https://github.company.com/abcd/devrepo URL 
before allowing to proceed further. I know about the security concern and 
also this works with GitHub access tokens and even with passwords without 
special characters. Just trying to see if there is a way to make it work 
with encoded password.


On Thursday, 3 September 2015 12:44:02 UTC-4, Konstantin Khomoutov wrote:
>
> On Thu, 3 Sep 2015 09:24:40 -0700 (PDT) 
> Bideep Bezbaruah  wrote: 
>
> > I have a use case to push files to git using command like: 
> > 
> > git push https://:github.company.com/abcd/devrepo 
> > > master:master 
> > 
> > But, if the password contains special characters like ‘@’ and ‘$’, I 
> > am converting it to hex code like ‘%40’ and %24. 
> > 
> > So, the URL looks like 
> > 
> > https://23784:abcd%40%241...@github.company.com/abcd/devrepo 
> > 
> > I was thinking it should work since I am encoding the special 
> > character, but it throws 403 error every time. This works fine for
> > password without special characters where we don’t need to encode any 
> > characters. 
>
> Before we try to do something about this...
>
> Your approach stinks security-wise.  Are you sure you really do have no 
> technical possibility to use ~/.netrc or a custom Git credential helper 
> to make this work without encoding credentials into URLs? 
>
