curl / Mailing Lists / curl-users / Single Mail

curl-users

Re: Suggestion: -H from a file... (curl: curl-users@cool.haxx.se exclusive)

From: Kamil Dudka via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 16 May 2017 10:32:47 +0200

On Monday, May 15, 2017 10:29:14 Jeff Inman wrote:
> > On May 15, 2017, at 8:20 AM, Kamil Dudka via curl-users -
> > curl-users_at_cool.haxx.se
> > <curl.lanl.f14d57db9a.curl-users#cool.haxx.se_at_ob.0sg.net> wrote:>
> > On Monday, May 15, 2017 13:55:29 Nick Chambers wrote:
> >> On 5/15/17, 8:03 AM, "curl-users on behalf of Daniel Stenberg"
> >>
> >> <curl-users-bounces_at_cool.haxx.se on behalf of daniel_at_haxx.se> wrote:
> >>> On Mon, 15 May 2017, Timothe Litt wrote:
> >>>> Suggestion: add a way to specify -H from a file, perhaps -H @filespec
> >>>>
> >>>> as is
> >>>>
> >>>> provided for -d & friends?
> >>>
> >>> I like this idea!
> >>
> >> In the meantime, you can do something like `curl -H "$(cat
> >> .secret_auth_token)" ...` or something like that. It's not a cURL
> >> solution, but provides a workaround until your idea can be implemented.
> >
> > I am afraid this is not going to help because command substitution gets
> > evaluated before executing curl. Consequently, the secret can still be
> > seen in the output of 'ps' as long as curl is running.
> >
> > Kamil
>
> You can use ‘expect’ to provide passwords “interactively” in batch scripts.
> Your expect-script would read from the file. (You should at least limit
> accessibility of that file.) You could then provide the user-name on the
> curl command-line, and provide the password from your script, or don’t
> provide command-line user, and provide both user and password from your
> script.

I do not believe it would help either. As long as the curl tool gets the
"secret" headers by a command-line argument, which is the only choice at
the moment, it is observable from outside while curl is running.

If you still think it would work, please clarify how the data would be
transferred from 'expect' to 'curl' in a safe way.

Kamil

> Jeff

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-05-16