[PATCH] http auth user & password lookup
Brad Schick
schickb at gmail.com
Thu Aug 23 21:24:34 CDT 2007
Matt Mackall wrote:
>> I think you could just make the uri here prefix-match the target.
>> ie realm:http://foo/bar would match http://foo/bar/baz and
>> http://foo/bar/quux
>>
>
> That's seems reasonable
That doesn't allow https and http to have a common user:pass, but that's
ok. Better to keep the code and the docs simple I guess.
> And the danger is not hostile project admins so much as compromised
> project servers. If I want to stick an exploit into high-profile
> project X, I might start by attacking project Y which shares some
> developers.
>
>
Makes sense. I'll make the uri required and resubmit the patch.
-Brad
More information about the Mercurial-devel
mailing list