[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#46857: apt: If source URI contains password, the password is printed on the screen during fetches

On 7 Oct 1999, KORN Andras wrote:

> try a URI like <deb ftp://user:password@host/debian unstable local>; the
> password is printed on the screen in plain text. I believe it would be
> better to not display the user:password bit at all, or at least mask the
> password.
> 
> (I agree that it is not generally a good idea to put password-protected URIs
> into sources.list.)

It is even worse.  sources.list has to be world readable, so that normal users
can run apt-get source.

The only solution to this would be to NOT put the password in sources.list,
and have both the http and ftp modules prompt.  I know the api supports this
feature, but I have never seen it done in actual use.

Adam
Reply to: