[PATCH] http auth user & password lookup

Brad Schick schickb at gmail.com
Thu Aug 23 21:24:34 CDT 2007

Matt Mackall wrote:
>> I think you could just make the uri here prefix-match the target.
>> ie realm:http://foo/bar would match http://foo/bar/baz and
>> http://foo/bar/quux
> That's seems reasonable
That doesn't allow https and http to have a common user:pass, but that's
ok. Better to keep the code and the docs simple I guess.

> And the danger is not hostile project admins so much as compromised
> project servers. If I want to stick an exploit into high-profile
> project X, I might start by attacking project Y which shares some
> developers.
Makes sense. I'll make the uri required and resubmit the patch.


More information about the Mercurial-devel mailing list