Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Also the OP seemingly implies credentials are stored on-filesystem in plaintext but I might be extrapolating too much there.

To be fair, some tools only support a netrc file for http(s) based auth. Regardless, if you want to use git via http this vector exists almost always.



Serious question: what tools only support netrc for authentication? I'm aware of lots of tools that (unfortunately IMO) support netrc as a source of credentials, but I can't think of a single one that requires it.


Afaik, nix for https-based git(hub/lab/...) repositories and http-auth protected resources (via fetchurl and friends).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: