reply icon indicating copy to clipboard operation
reply copied to clipboard

Published 20 hours ago verified publisher icon trptcolin

basic auth requires a cleartext password

Open sritchie opened this issue 10 years ago • 2 comments

hey guys,

I was going through this tutorial for drawbridge:

https://devcenter.heroku.com/articles/debugging-clojure

And it looks like there's not way to have the "lein repl" task prompt for a password if it's missing from the URL string.

What would you guys think of a patch that would ask the user for a password if a username was supplied via the query string w/o an accompanying password? I should have some time to work on this, just wanted to check on the feelings here.

sritchie avatar Jul 20 '14 19:07 sritchie

Sounds great to me. I wonder if there's a way to disambiguate the case you're talking about from one where the remote server doesn't require a pw, just a username (or is that not a thing?).

trptcolin avatar Jul 20 '14 20:07 trptcolin

I think you have to send both if you're using the basic authentication scheme; I think if you want to identify users by some token, you use a different header, or just send a blank password or something.

Thanks, I'll see what I can do!

sritchie avatar Jul 20 '14 21:07 sritchie