_netrc/.netrc alternative to cURL

Anonymous (unverified), submitted 2019-12-03 01:29:01

Question:

I've been looking at Git and cURL and I found some references about .netrc, that may help on http auth. The problem is: .netrc is dumb because it stores passwords in plain text format, which is a big security issue for the solution I'm developing.

Is there an alternative to the .netrc approach? Is it possible to develop an "authentication backend" for cURL?

Answer 1:

Update April 2013, git 1.8.3:

A new read-only credential helper (in contrib/) to interact with the .netrc/.authinfo files has been added.

That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.

To enable this credential helper:

    git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'

(Note that Git will prepend "git-credential-" to the helper name and look for it in the path.)

See a full example at "Is there a way to skip password typing when using https:// github"


Original answer (March 2011)

The only alternative (except not using it and going through ssh) would be to:

  • encrypt that file (for instance, on Windows, with the utility 'crypt')
  • decrypt it just before the curl call
  • then encrypt it again right after the curl call

Note that on Unix, that file is normally in mode 600, only visible by you.
On Windows (_netrc), that file should be in your HOMEDIR, which shouldn't be accessible (through Windows ACL) to any other users.
But I still don't like a password in plain text...

This thread, for example, goes through the same process (on Unix for gpg, but it still illustrates the solution nicely):

Below I have included a sample script implementing the usage of 'gpg', which can be used to encrypt the contents of a file. It's in shell script, however I'm sure you can adapt the concept to your perl script.

I think for your needs the basic idea is:

  1. create a plain-text file with your password (and other info)
  2. encrypt it using gpg and store the encrypted file; dispose of the plain-text file
  3. Within the perl script, decrypt the encrypted file into a plain-text file
  4. read contents of plain-text file during runtime of your script
  5. delete plain-text file as soon as possible.

Here's just an example of the workings of gpg:

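    #!/bin/sh
    # Prompt for the password (printf is portable; echo -n is not in /bin/sh)
    printf 'Enter your password: '
    read -r pass

    # Write it to a plain-text file, encrypt symmetrically, drop the plain text
    FILE="$HOME/mypassword"
    printf '%s\n' "$pass" > "$FILE"
    gpg -c "$FILE"
    rm -f "$FILE"

    # Later: decrypt back to the plain-text file, read it, delete it again
    gpg "$FILE.gpg"
    MYPASSWORD=$(cat "$FILE")
    rm -f "$FILE"

    echo "$MYPASSWORD"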
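The script above still writes the plain-text file to disk between decrypting and deleting it. As an added example (not the contrib/ helper and not code from the original post), here is a minimal read-only Git credential helper that decrypts a gpg-encrypted netrc to a pipe only and answers Git's `get` request. The path `~/.netrc.gpg` and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch of a read-only Git credential helper; not the contrib/ script.
# Assumption: the encrypted netrc lives at $NETRC_GPG (default ~/.netrc.gpg).
NETRC_GPG=${NETRC_GPG:-$HOME/.netrc.gpg}

# Decrypt to stdout only; the plaintext never touches the filesystem.
decrypt_netrc() {
  gpg --quiet --decrypt "$NETRC_GPG"
}

# netrc_lookup HOST: read netrc text on stdin, print Git credential lines
# for the first matching "machine" (or "default") entry; exit 1 if none.
netrc_lookup() {
  awk -v want="$1" '
    { for (i = 1; i <= NF; i++) tok[++n] = $i }
    END {
      for (i = 1; i <= n; i++) {
        k = tok[i]
        if (k == "machine") { if (hit) break; hit = (tok[++i] == want); continue }
        if (k == "default") { if (hit) break; hit = 1; continue }
        if (k == "login" || k == "password" || k == "account") {
          v = tok[++i]                      # always consume the value token
          if (hit && k == "login")    user = v
          if (hit && k == "password") pass = v
        }
      }
      if (!hit || pass == "") exit 1
      if (user != "") print "username=" user
      print "password=" pass
    }'
}

# credential_get: parse Git's key=value request on stdin and answer it.
credential_get() {
  host=
  while IFS='=' read -r key value; do
    case $key in
      '') break ;;
      host) host=$value ;;
    esac
  done
  [ -n "$host" ] || return 1
  decrypt_netrc | netrc_lookup "$host"
}

# Git calls the helper with get, store or erase; only get is answered.
case ${1:-} in
  get) credential_get ;;
esac
```

Saved on the PATH under a name beginning with "git-credential-" and made executable, it is enabled through `credential.helper` as described above.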

