Bugtraq: Re: Cleartext Password display in NS Communicator

From: Oskar Pearson <oskar_at_is.co.za>
Date: Thu, 3 Jul 1997 09:19:24 +0200

Fred Albrecht wrote:

> > > The password is now plainly visible in the URL field :
> > > « ftp://user:passwd@host »

> > Appendix to my previous message:
> > It happens only when connecting over proxy Squid (1.1.10) and it appears
> > also in Squid's access.log.

> After trying a number of combinations, it seems that it indeed only works
> when going through the proxy... Squid 1.1.11 here.
Squid 1.NOVM.10 here

> At any rate, Netscape shouldn't display the password and squid shouldn't
> log what it can clearly identify as « sensitive » information.
Agreed - this is, however, a _setup_ problem with the squid proxy.

You have to change squid.conf so that ftpget_options includes either
the "-a" or "-A" flag (I prefer "-a").
It might be worth putting this in the documentation
or the config file's comments... I will contact people about this.

Our config file contains:
ftpget_options -a -p http://www.is.co.za/tisservices/proxy/ -s .gif -w 25

For the list of possible options, run '/usr/local/squid/bin/ftpget -h'.

These are the relevant options:
        -a Do not show password in generated URLs
        -A Do not show login information in generated URLs

        Oskar
Received on Jul 03 1997
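
Added example (not part of the original message, and not Squid or ftpget code): a Python sketch that finds and redacts "ftp://user:passwd@host" style credentials in access.log lines written before the option was set. Its two modes follow the descriptions of "-a" and "-A" quoted above; the log lines, function names and mode names are constructed for illustration.

```python
import re

# scheme://userinfo@ where userinfo runs up to the LAST '@' before the first
# '/', so a password containing a literal '@' is still fully captured.
USERINFO_RE = re.compile(r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)(?P<userinfo>[^\s/]*)@")

# Constructed sample lines in the style of a Squid access.log (not real data).
SAMPLE_LOG = [
    "868000000.123 1520 192.0.2.10 TCP_MISS/200 4312 GET ftp://alice:s3cret@ftp.example.org/pub/file.txt - DIRECT/ftp.example.org text/plain",
    "868000001.456 310 192.0.2.11 TCP_MISS/200 1024 GET http://www.example.org/index.html - DIRECT/www.example.org text/html",
    "868000002.789 900 192.0.2.12 TCP_MISS/200 2048 GET ftp://bob:p@ss@ftp.example.org/ - DIRECT/ftp.example.org text/html",
    "868000003.012 450 192.0.2.13 TCP_MISS/200 512 GET ftp://anonymous@ftp.example.org/ - DIRECT/ftp.example.org text/html",
]


def redact_line(line, mode="password"):
    """Redact URL credentials in one log line.

    mode="password": keep the user name, drop the password (as -a is described).
    mode="login":    drop user name and password (as -A is described).
    """
    if mode not in ("password", "login"):
        raise ValueError("mode must be 'password' or 'login'")

    def _replace(match):
        scheme = match.group("scheme")
        user, sep, _password = match.group("userinfo").partition(":")
        if mode == "login":
            return scheme
        if not sep:                       # no password present, nothing to hide
            return match.group(0)
        return scheme + (user + "@" if user else "")

    return USERINFO_RE.sub(_replace, line)


def lines_with_passwords(lines):
    """Return 1-based numbers of lines whose URL carries a user:password pair."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if any(":" in m.group("userinfo") for m in USERINFO_RE.finditer(line)):
            hits.append(number)
    return hits


if __name__ == "__main__":
    print("lines exposing a password:", lines_with_passwords(SAMPLE_LOG))
    for entry in SAMPLE_LOG:
        print(redact_line(entry))
```

Passwords that already reached a log should be treated as exposed and changed; redaction only limits further disclosure.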