[PATCH] Do not display passwords specified in URL
Manuel Holtgrewe
purestorm at ggnore.net
Mon Nov 5 16:41:42 CST 2007
Am 05.11.2007 um 20:43 schrieb Manuel Holtgrewe:
> I have thought of a (IMO) simple but elegant and effective solution
> to the, Brad had when trying to create a workaround for the problem:
> Why don't we simply keep entering the password in the URL but hide it
> when displaying it?
Please excuse the bad formulation of this paragraph (I should have
taken a nap before I wrote it).
I just realized my unfortunate picking of the work "workaround".
All in all, the quoted paragraph should have read:
"I have though fo a (IMO) simple but elegant solution to the problem,
Brad begun to solve. Why don't we keep entering the password in the
URL but hide it when displaying it?"
Of course, Brad was in the process of creating a solution not a
workaround. Rather, my code has some kind of workaround smell. I
think, however, that never printing a password as plain text is a
good idea. Eventually, hiding passwords would make sense to be
implemented along an external definition of passwords (and later
maybe even integration of the Os X keychain and equivalent programs
under other environments).
Bests,
Manuel
More information about the Mercurial-devel
mailing list