Re: transfer.credentialsInUrl should warn about personal access tokens in user field #leftoverbits

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: M Hickford <mirth.hickford@gmail•com>
To: "brian m. carlson" <sandals@crustytoothpaste•net>,
	Junio C Hamano <gitster@pobox•com>,
	git@vger•kernel.org, stolee@gmail•com
Subject: Re: transfer.credentialsInUrl should warn about personal access tokens in user field #leftoverbits
Date: Sat, 18 Jan 2025 20:33:04 +0000	[thread overview]
Message-ID: <77741bb3-be37-4e63-9bf8-0cbeac50ae24@gmail.com> (raw)
In-Reply-To: <Z4GZ0oiZCC2Wl3bN@tapette.crustytoothpaste.net>

On 2025-01-10 22:06, brian m. carlson wrote:
> No, this is Basic auth.  It's just that GitHub will look at either the
> username or password field for the token.

Thanks Brian and Junio for the discussion. I understand your aversion to 
introducing GitHub-specific PAT detection logic.

The better solution would be for GitHub to stop accepting PAT in the 
username field. Hopefully that will happen one day. It's undocumented,
so its usage ought to diminish.

To speed that along, I've edited the offending StackOverflow answer 
https://stackoverflow.com/a/70320541/284795

next prev parent reply	other threads:[~2025-01-18 20:33 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-10 21:05 transfer.credentialsInUrl should warn about personal access tokens in user field #leftoverbits M Hickford
2025-01-10 21:32 ` Junio C Hamano
2025-01-10 22:06   ` brian m. carlson
2025-01-10 22:51     ` Junio C Hamano
2025-01-11  0:08       ` brian m. carlson
2025-01-11  0:45         ` Junio C Hamano
2025-01-11  1:01           ` rsbecker
2025-01-18 20:33     ` M Hickford [this message]
2025-01-10 22:10   ` rsbecker
2025-01-10 23:36   ` Randall Becker
2025-01-10 23:44     ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=77741bb3-be37-4e63-9bf8-0cbeac50ae24@gmail.com \
    --to=mirth.hickford@gmail$(echo .)com \
    --cc=git@vger$(echo .)kernel.org \
    --cc=gitster@pobox$(echo .)com \
    --cc=sandals@crustytoothpaste$(echo .)net \
    --cc=stolee@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox