History Of Ticket c207d749a2
Ticket change [790c1df3cb] (rid 4045) by kkinnell on 2008-11-28 20:51:07:
  1. Change status to "Closed"
Ticket change [65ba4f1c86] (rid 3983) by kkinnell on 2008-11-25 18:38:01:
  1. Change resolution to "Works_As_Designed"
  2. Change type to "Incident"
Ticket change [498ca28e60] (rid 3982) by kkinnell on 2008-11-25 18:35:26:
  1. Change comment to "when authenticating with a remote repository (in the form http://user:password@url) there is no way to escape special chars in the password. Eliminating several punctuation symbols seems to limit the security of passwords. At the very least it would be good to document. <hr><i>kkinnell added on 2008-11-25 03:36:22:</i><br> That's really more a problem with the http protocol than a problem with fossil. Have you tried it as %40 ? No guarantee it'll work, but worth a try. (If you want all kinds of "fun" with webapps and passwords, try a password with '%' in it, and try getting it through a proxy, to boot. More "fun" than you ever wanted to have.) <hr><i>anonymous claiming to be Rockshox added on 2008-11-25 03:43:52:</i><br> I would respectfully call it a problem with the url parser. http authentication is done base64 encoded in the header, you can use any character without a problem. The issue is pulling out which parts go in the header and which part is the url. I would suggest an optional -p and -u flag in lieu of user:password@ syntax <hr><i>kkinnell added on 2008-11-25 18:34:20:</i><br> I must admit you are technically right about that (but I reserve the right to claim that http authentication could have been done much better ;) On the other hand, the workaround for the problem is to use the<br> &nbsp;&nbsp;&nbsp;<code>http://name@<i>URL</i></code><br> form of specifying the remote repository. If you do it that way, <b>fossil</b> prompts you for a password."
Ticket change [1f6e580921] (rid 3981) by kkinnell on 2008-11-25 18:34:20:
  1. Appended to comment:

    kkinnell added on 2008-11-25 18:34:20:
    I must admit you are technically right about that (but I reserve the right to claim that http authentication could have been done much better ;)

    On the other hand, the workaround for the problem is to use the
        http://name@URL
    form of specifying the remote repository.

    If you do it that way, fossil prompts you for a password.

Ticket change [da8d938007] (rid 3969) by anonymous on 2008-11-25 03:43:52:
  1. Appended to comment:

    anonymous claiming to be Rockshox added on 2008-11-25 03:43:52:
    I would respectfully call it a problem with the url parser. http authentication is done base64 encoded in the header, you can use any character without a problem. The issue is pulling out which parts go in the header and which part is the url. I would suggest an optional -p and -u flag in lieu of user:password@ syntax

Ticket change [2bb4948cfe] (rid 3968) by kkinnell on 2008-11-25 03:36:22:
  1. Appended to comment:

    kkinnell added on 2008-11-25 03:36:22:
    That's really more a problem with the http protocol than a problem with fossil.

    Have you tried it as %40 ? No guarantee it'll work, but worth a try.

    (If you want all kinds of "fun" with webapps and passwords, try a password with '%' in it, and try getting it through a proxy, to boot. More "fun" than you ever wanted to have.)

  2. Change resolution to "Open"
Ticket change [bb7d9a4149] (rid 3963) by anonymous on 2008-11-25 00:59:01:
  1. Change comment to "when authenticating with a remote repository (in the form http://user:password@url) there is no way to escape special chars in the password. Eliminating several punctuation symbols seems to limit the security of passwords. At the very least it would be good to document."
  2. Change private_contact to "c76260317d907e593238775e171317aff2baec12"
  3. Change severity to "Minor"
  4. Change status to "Open"
  5. Change title to "@ character not possible in password"
  6. Change type to "Code_Defect"
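
The parsing problem discussed in this ticket, as an added example that is not part of the ticket and not Fossil's code: percent-encoding the userinfo part of a URL, splitting it at the last `@` before decoding, and building the Basic auth header value from the decoded credentials. The function names, the host `example.org` and the credentials are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote, urlsplit


def build_url(user, password, host, path="/"):
    """Percent-encode every reserved character in the userinfo part."""
    return f"http://{quote(user, safe='')}:{quote(password, safe='')}@{host}{path}"


def split_credentials(url):
    """Return (user, password, url_without_userinfo).

    The userinfo ends at the LAST '@' of the authority, and each half is
    percent-decoded only after the split, so an encoded '@' or ':' cannot
    be mistaken for a delimiter.
    """
    parts = urlsplit(url)
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return None, None, url
    user, colon, password = userinfo.partition(":")
    clean = parts._replace(netloc=hostport).geturl()
    return unquote(user), (unquote(password) if colon else None), clean


def basic_auth_header(user, password):
    """Basic auth sends 'user:password' base64-encoded in a header, so the
    password may contain any character once it has left the URL."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not taken from the ticket.
    url = build_url("alice", "p@ss:w%rd/", "example.org", "/repo")
    print(url)
    user, password, clean = split_credentials(url)
    print(clean, basic_auth_header(user, password))
    # An unescaped '/' ends the authority early, so no credentials are found.
    print(split_credentials("http://alice:p/ss@example.org/repo"))
```

A URL with a user name only, as in the `http://name@URL` form, comes back with `None` for the password, which is the case where a client has to prompt.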