Reputation: 553
Securing Credentials with set http_proxy in cmd
I was trying to install Rubygems on my Windows 7 machine and had to authenticate myself with a corporate proxy server. I saw several people on various forums with the same problem, and the common solution seemed to be
set http_proxy=http://username:[email protected]:80
While this did work for me and allowed me to download the Rubygems that I needed, I spoke with a security professional about the security of typing the password in plaintext like that, and he did a packet capture with Wireshark and was able to see my credentials. Is there a way to pass credentials in securely through the command line? I know that a lot of other Ruby developers at my company would like to download gems and need a way to authenticate themselves, but I'd prefer to find a secure solution before I help anyone else out.
Upvotes: 1
Views: 121
Answers (1)
Reputation: 1426
No, because you connect with http to your proxy, the crendials will be send in cleartext by design.
If your company cares about security, you should connect via https:// to your http proxy.
Upvotes: 1
Related Questions
- How to set a proxy in rubys net/http?
- How to set proxy with authentication on selenium on ruby?
- How do I set use_ssl param when running a web request through a proxy?
- Help with HTTP Intercepting Proxy in Ruby?
- How to access a proxy without username and password?
- How do I write a simple HTTPS proxy server in Ruby?
- ruby SSL proxy (MITM)
- Automatically adding proxy to all HTTP connections in ruby
- Change Windows browser proxy settings via ruby script
- What's the best way to specify a proxy with username and password for an **https** connection in python?