stackoom
  简体   繁体   中英

Securing Credentials with set http_proxy in cmd

 原文  2014-06-23 15:23:45       ruby/ security/ command-line/ proxy

Question

I was trying to install Rubygems on my Windows 7 machine and had to authenticate myself with a corporate proxy server. I saw several people on various forums with the same problem, and the common solution seemed to be 

set http_proxy=http://username:password@www-domain.com:80

While this did work for me and allowed me to download the Rubygems that I needed, I spoke with a security professional about the security of typing the password in plaintext like that, and he did a packet capture with Wireshark and was able to see my credentials. Is there a way to pass credentials in securely through the command line? I know that a lot of other Ruby developers at my company would like to download gems and need a way to authenticate themselves, but I'd prefer to find a secure solution before I help anyone else out.

1 answers

solution1
 1 ACCPTED  2015-06-05 19:08:46

No, because you connect with http to your proxy, the crendials will be send in cleartext by design.

If your company cares about security, you should connect via https:// to your http proxy.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using Ruby with Charles Proxy via export http_proxy on Mac why 'unset http_proxy' doesn't work in Rakefile How to set a proxy in rubys net/http? watir-webdriver & proxy credentials Net::HTTP Proxy list HTTP::persistent and proxy? Use HTTP proxy with Savon Ruby http proxy Ruby, Tor and Net::HTTP::Proxy Help with HTTP Intercepting Proxy in Ruby?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM