[ruby-core:78455] Re: [Ruby trunk Bug#12921] Retrieve user and password for proxy from env
From: KOSAKI Motohiro <kosaki.motohiro@...>
Date: 2016-12-01 12:38:44 UTC
List: ruby-core #78455

> Yuri Samoilenko wrote:
>> What do you mean when you say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how is it linked to Ruby?
>
> I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible to any user, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

The document says Solaris 8 or older is unsecure. OK. But so what? Who cares? I believe nobody needs to care about it. Modern OSes don't have such a mistake.
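
An added example, not part of the original message and not Ruby's own Net::HTTP code: a check that reports which proxy environment variables carry embedded credentials, the situation debated in this thread, and returns a redacted form that is safe to log. The function names, the list of variables and the sample values in the comments are assumptions made for illustration.

```ruby
require "uri"

# Proxy variables commonly consulted by HTTP clients (assumed list, both cases).
PROXY_VARS = %w[http_proxy https_proxy ftp_proxy all_proxy
                HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY].freeze

# Returns one finding per proxy variable that is set in +env+ (ENV or a Hash).
# :credentials is true/false, or nil when the value cannot be parsed.
# :redacted is a form of the value that contains no user name or password.
def audit_proxy_env(env)
  PROXY_VARS.filter_map do |name|
    value = env[name]
    next if value.nil? || value.empty?

    inspect_proxy_value(name, value)
  end
end

def inspect_proxy_value(name, value)
  # Values such as "host:3128" have no scheme; parse them as http.
  schemeless = !value.match?(%r{\A[a-z][a-z0-9+.-]*://}i)
  uri = URI.parse(schemeless ? "http://#{value}" : value)
  return { name: name, credentials: false, redacted: value } if uri.userinfo.nil?

  # Replace "user:password@" (or "user@") with a fixed marker.
  redacted = uri.to_s.sub("#{uri.userinfo}@", "REDACTED@")
  redacted = redacted.delete_prefix("http://") if schemeless
  { name: name, credentials: true, redacted: redacted }
rescue URI::InvalidURIError
  # Never echo a value that failed to parse: it may still hold a secret.
  { name: name, credentials: nil, redacted: "<unparseable>" }
end

if __FILE__ == $PROGRAM_NAME
  # Audit the real environment of this process; only redacted values are printed.
  audit_proxy_env(ENV).each do |finding|
    status = case finding[:credentials]
             when true  then "EMBEDDED CREDENTIALS"
             when false then "ok"
             else            "could not parse"
             end
    puts "#{finding[:name]}: #{status} (#{finding[:redacted]})"
  end
end
```
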