2008-07-01 15:29:00 |
anatoly techtonik |
description |
Common practice to use bzr 1.5 with proxy is to specify proxy settings in environment variable HTTP_PROXY. It is ok for most systems, but quite unnatural for windows. Even if config files are not the best place to store passwords (esp. domain credentials that are often used to authenticate against windows proxies), exposing them in environment variable is like writing them on a wall.
To store credentials more or less securely I propose entering "proxy_server", "proxy_user" and "proxy_pwd" configuration variables explicitly in [DEFAULT] section of some global and into branch/project specific sections of configuration files. Current authentication.conf file description is confusing and file format is itself bogus in the sense that it still needs HTTP_PROXY variable to supply user/pass for it. I doubt that it works at all, at least for my installation modifying [proxy] settings doesn't affect anything with or without HTTP_PROXY set (windows 2000).
Windows proxy options processing should take into account that some special combination of username and password (possibly empty) can be used to allow SSPI magic authenticate against proxy transparently. See bug #244435 |
Common practice to make bzr 1.5 work through a proxy is to specify proxy settings in environment variables HTTP_PROXY and HTTPS_PROXY. The one side of the problem is that it is undocumented, but there is also another side that this variables are not available on windows unlike the other platforms. If the proxy requires authentication it is also a great security risk to place login/pass (esp. domain credentials often used for windows proxies) into environment variables. Although config files is not the best place to store passwords either, exposing them in environment variable is like writing them on a wall.
To store credentials more or less securely I propose entering "proxy_server", "proxy_user" and "proxy_pwd" configuration variables explicitly in [DEFAULT] section of some global and into branch/project specific sections of configuration files. Current authentication.conf file description is confusing and file format is itself bogus in the sense that it still needs HTTP_PROXY variable to supply user/pass for it. I doubt that it works at all, at least for my installation modifying [proxy] settings doesn't affect anything with or without HTTP_PROXY set (windows 2000).
Windows proxy options processing should take into account that some special combination of username and password (possibly empty) can be used to allow SSPI magic authenticate against proxy transparently. See bug #244435 |
|