Hi, Augusto Arcoverde da Rocha schrieb: > IMHO, the current password exposition is a ugly thing: > $ export http_proxy=http://user:__>>**password**<<[EMAIL PROTECTED]:8080 I wouldn't worry to much about a PROXY password. I mean who can access files and environment variables? Basically only you and the administrator of your system.
I think the bigger problem is that guessed 99% of all proxies, which ask for passwords, transmit them in clear. (I think there is no SSL protocol or digest protocol which is widely supported.) (Our university's computation centre offers a password-proxy access using the username/password. I'm slightly reluctant to save that password on my laptop and I'm fully against transmitting it with every HTTP request. Thus I'm using a ssh tunnel with localhost:8080 as proxy.) > I think would be preferable hide the password typing and don't storing > it in a file like system register, maintaining it in the memory only. > Perhaps getting the password altrougt some interactive process which > hide the password. Well, exactly that you get if you add the following into your .bashrc: printf 'Enter Password for the HTTP PROXY: ' stty -echo read pass stty echo echo "" http_proxy="http://$USER:[EMAIL PROTECTED]:port/" export http_proxy Otherwise: Many programs automatically ask for a password if protcol://[EMAIL PROTECTED]:port/ didn't succeed. (At least Mozilla does so for the proxy.) I wouldn't be surprised if the Internet Explorer did the same. (It does for ftp://[EMAIL PROTECTED]/). Tobias