-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matthew Woehlke wrote: > http://www.mail-archive.com/[email protected]/msg06979.html > Did this patch make it into the soon-to-be-released version (1.10.3?)? I > need to wget a webpage that wants authentication, and I don't want to > have to put it on disk or have it show up in 'ps'.
I can't find the message (with accompanying patch) that is referred to by the message in that link. However, Mauro's response seemed to indicate that he didn't like that particular method for telling wget to prompt for password. At any rate, I don't believe the upcoming 1.11 release is going to include a secure password prompt. I'm somewhat surprised that there hasn't been one in all these years. Adding such a feature will be one of my top priorities for the following release. However, I won't hold the next release for such a change, as we're just too close. I'm already going to be delaying the release a bit for a couple of (higher-priority) security fixes that I simply would not be comfortable releasing without--for instance, if you are uncomfortable with the idea of putting your password on disk or in the process table, how comfortable are you with the idea that in every version of wget up until now, it sends that password in the clear, regardless of whether or not the remote server is using cleartext password authentication (only applies to http, not https, situations)? - -- Micah J. Cowan Programmer, musician, typesetting enthusiast, gamer... http://micah.cowan.name/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGhZQp7M8hyUobTrERCI97AJ4ruUhPYF4saTpclhONY+Du1jwMOQCgipy/ iBxtl5vJJoiEhacDjIDCpqg= =iAQ3 -----END PGP SIGNATURE-----
