The man page says
To prevent the pass- words from being seen, store them in
.wgetrc or .netrc,
The problem is that if you just happen to have a .netrc entry for a
certain machine, but you don't wish wget would notice it, then what to
do?
Can you believe
$ wget --http-user= --http-passwd= http://debian.linux.org.tw/
$ wget --http-user=x --http-passwd=x http://debian.linux.org.tw/
don't even override .netrc?!
$ wget http://:@debian.linux.org.tw/
http://:@debian.linux.org.tw/: Invalid user name.
$ wget http://x:[EMAIL PROTECTED]/
OK, that overrides it, but still, one can't achieve no username and password.
OK, faraway in an Info page do I finally find a .wgetrc's netrc=off
... this should be noted everywhere the docs mention .netrc.
Also there should be a way to do it from the command line -- I making
a script that shouldn't blow up just because the user has an account
on some mirror.
BTW, the man page also says
For more information about security issues with Wget,
but then the sentence just stops.
GNU Wget 1.8.2
