About open-uri and ENV["HTTP_PROXY"]

Anatol Pomozov
12-11-2005

Hi, all.

I am investigating a problem with Gems and proxy authorization and I have a
question about the open-uri code.
To be precise, the code from OpenURI.open_loop(uri, options) (current version
from CVS)

when :proxy
  opt_proxy = options.fetch(:proxy)
  proxy_user = nil
  proxy_pass = nil

The proxy option mostly comes from ENV and could contain information for basic
authorization: username and password. Something like this
http://anatol(E-Mail Removed):8080/
and the right way is to parse this string and set proxy_user to anatol, proxy_pass
to pwd and proxy_url to http://www.proxy.com:8080/

The same with the code a bit below
when true
  find_proxy = lambda {|u| pxy = u.find_proxy; pxy ? [pxy, nil, nil] : nil}

It should be
when true
  find_proxy = lambda {|u| pxy = u.find_proxy; pxy ?
    parse_proxy_and_find_authorization_info(pxy) : nil}


Is it logical??

--
anatol (http://pomozov.info)


Tanaka Akira
12-12-2005
In article <3665a1a00512111049n6fe237a1i7cefbceb25bf07cf@mail.gmail.com>,
Anatol Pomozov <(E-Mail Removed)> writes:

> I am investigating a problem with Gems and proxy authorization and I have a
> question about the open-uri code.
> To be precise, the code from OpenURI.open_loop(uri, options) (current version
> from CVS)
>
> when :proxy
>   opt_proxy = options.fetch(:proxy)
>   proxy_user = nil
>   proxy_pass = nil
>
> The proxy option mostly comes from ENV and could contain information for basic
> authorization: username and password. Something like this
> http://anatol(E-Mail Removed):8080/
> and the right way is to parse this string and set proxy_user to anatol, proxy_pass
> to pwd and proxy_url to http://www.proxy.com:8080/


Environment variables are not an appropriate place to store
passwords since they are visible to other users.

Note that RFC 3986 deprecates "user:password" in the
userinfo field.

| 3.2.1. User Information
|
| The userinfo subcomponent may consist of a user name and, optionally,
| scheme-specific information about how to gain authorization to access
| the resource. The user information, if present, is followed by a
| commercial at-sign ("@") that delimits it from the host.
|
| userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
|
| Use of the format "user:password" in the userinfo field is
| deprecated. Applications should not render as clear text any data
| after the first colon (":") character found within a userinfo
| subcomponent unless the data after the colon is the empty string
| (indicating no password). Applications may choose to ignore or
| reject such data when it is received as part of a reference and
| should reject the storage of such data in unencrypted form. The
| passing of authentication information in clear text has proven to be
| a security risk in almost every case where it has been used.
|
| Applications that render a URI for the sake of user feedback, such as
| in graphical hypertext browsing, should render userinfo in a way that
| is distinguished from the rest of a URI, when feasible. Such
| rendering will assist the user in cases where the userinfo has been
| misleadingly crafted to look like a trusted domain name
| (Section 7.6).
--
Tanaka Akira
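
An added example, not part of either post and not open-uri's own code: one way to split a proxy URL into the bare proxy URI plus user name and password, while following the RFC 3986 section 3.2.1 advice quoted above whenever the URL is rendered in an error or a log line. The helper names and the sample URL are assumptions constructed for illustration.

```ruby
require "uri"

# RFC 3986 section 3.2.1: do not render what follows the first ":" in userinfo.
# Works on the raw string, so it is usable even when the URL does not parse.
def redact_userinfo(url)
  url.to_s.sub(%r{\A([a-z][a-z0-9+.-]*://[^/?#@:]*):[^/?#@]+@}i) { "#{$1}:***@" }
end

# Percent-decode one userinfo component; "+" stays a literal plus sign.
def pct_decode(str)
  str.b.gsub(/%(\h\h)/) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Hypothetical helper (not open-uri API): returns [proxy_uri, user, pass],
# where proxy_uri is rebuilt without the userinfo field.
def split_proxy_credentials(proxy_url)
  uri = begin
    URI.parse(proxy_url)
  rescue URI::InvalidURIError
    # URI's own message quotes the whole string, password included, so raise
    # a redacted error and drop the original exception as the cause.
    raise ArgumentError, "unparsable proxy URL: #{redact_userinfo(proxy_url)}", cause: nil
  end
  unless uri.is_a?(URI::HTTP) && uri.host
    raise ArgumentError, "not an HTTP(S) proxy URL: #{redact_userinfo(proxy_url)}"
  end
  user = uri.user && pct_decode(uri.user)
  pass = uri.password && pct_decode(uri.password)
  bare = uri.class.build(host: uri.host, port: uri.port, path: uri.path)
  [bare, user, pass]
end

if __FILE__ == $PROGRAM_NAME
  sample = "http://anatol:p%40ss%3Aw0rd@proxy.example:8080/" # constructed value
  bare, user, pass = split_proxy_credentials(sample)
  puts "proxy=#{bare} user=#{user} password_present=#{!pass.nil?}"
  puts "log form: #{redact_userinfo(sample)}"
end
```
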