public inbox for git@vger.kernel.org 
From: Junio C Hamano <gitster@pobox•com>
To: "brian m. carlson" <sandals@crustytoothpaste•net>
Cc: Jonathan Nieder <jrnieder@gmail•com>,
	 limin <1159309551xcz@gmail•com>,
	git@vger•kernel.org
Subject: Re: Git remote origin leaks user access token
Date: Mon, 01 Jul 2024 12:04:03 -0700	[thread overview]
Message-ID: <xmqqsewtvsrg.fsf@gitster.g> (raw)
In-Reply-To: <ZoLY_yxpQBjmp8O3@tapette.crustytoothpaste.net> (brian m. carlson's message of "Mon, 1 Jul 2024 16:27:43 +0000")

"brian m. carlson" <sandals@crustytoothpaste•net> writes:

> I'll point out that we already document this in the Git FAQ (git help
> gitfaq):
>
> ----
> How do I specify my credentials when pushing over HTTP?
> ...
>
> We also have a FAQ entry about how to read credentials from the
> environment as well, since that's a common thing people want to do.
> ...
>
> I do want to point out that several people, not just me, have worked
> together to make using a credential helper as easy and robust as
> possible.  I mention this not to contradict Jonathan, who I think is
> also trying to help in this regard, but mostly to mention that as a
> project we've been trying to gently nudge people into doing the more
> secure thing.

Two and a half things.

 - Perhaps we want to explicitly single out URLs that embed
   credentials in the documentation and tell readers not to use that.
   I wonder if it would be possible to deprecate the support of such
   URLs over time.

 - The original talks about a malicious tool running "git remote
   get-url ...", but if you let malicious tools run as yourself, you
   can easily steal the credential out of the system keychain as
   well, so "do not let malicious things run as/for you---they will
   do malicious things to you" may be good general advice.  Those who
   need that kind of advice would not be helped all that much by
   moving away from using URLs that embed credentials and instead
   starting to use credential helpers.

Thanks.
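The point of the exchange is that a remote URL of the form `https://user:token@host/...` keeps the secret in `.git/config`, where anything that can read the file or run `git remote get-url` can recover it, whereas a credential helper keeps it out of the repository. As an added example (not code from this thread or from git itself), the POSIX shell script below checks remote URLs for an embedded password, redacts them so they can be logged safely, and scans the output of `git config --get-regexp` for offending remotes. The sample remotes, hosts and tokens are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or from git): find git remotes whose URL
# embeds a password, the configuration pattern the thread recommends against.
# Only scheme://user:password@host URLs are examined; scp-like "git@host:path"
# syntax has no password field and is reported as clean.

# Succeed (exit 0) when URL carries user:password in its authority part.
url_has_embedded_credential() {
    url=$1
    case "$url" in
        *://*) ;;
        *) return 1 ;;
    esac
    rest=${url#*://}
    authority=${rest%%/*}          # everything before the first "/" of the path
    case "$authority" in
        *@*) userinfo=${authority%@*} ;;
        *) return 1 ;;
    esac
    case "$userinfo" in
        *:*) return 0 ;;           # "user:password" -> secret in the URL
        *) return 1 ;;             # username alone (ssh://git@host) is not a secret
    esac
}

# Print URL with an embedded password replaced by "***", so it can be logged.
# Passwords are assumed to be percent-encoded (a literal "@" would be ambiguous).
redact_url() {
    url=$1
    if ! url_has_embedded_credential "$url"; then
        printf '%s\n' "$url"
        return 0
    fi
    scheme=${url%%://*}
    rest=${url#*://}
    authority=${rest%%/*}
    case "$rest" in
        */*) path=/${rest#*/} ;;
        *) path= ;;
    esac
    userinfo=${authority%@*}
    hostport=${authority##*@}
    user=${userinfo%%:*}
    printf '%s://%s:***@%s%s\n' "$scheme" "$user" "$hostport" "$path"
}

# Read "key url" lines on stdin, as printed by
#   git config --get-regexp '^remote\..*\.url$'
# Report offending remotes (redacted) on stderr; print the count on stdout.
scan_remote_lines() {
    count=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        key=${line%%[[:space:]]*}
        remote_url=${line##*[[:space:]]}
        if url_has_embedded_credential "$remote_url"; then
            count=$((count + 1))
            printf '%s embeds a credential: %s\n' "$key" "$(redact_url "$remote_url")" >&2
        fi
    done
    printf '%s\n' "$count"
}

# Constructed sample in the shape of `git config --get-regexp` output;
# hosts and tokens are placeholders, not real values.
SAMPLE_REMOTES='remote.origin.url https://alice:example-token@git.example/alice/repo.git
remote.upstream.url https://git.example/org/repo.git
remote.mirror.url ssh://git@git.example/org/repo.git
remote.old.url git@git.example:org/repo.git
remote.internal.url https://bot:example-secret@git.example:8443/team/repo.git'

scan_constructed_sample() {
    printf '%s\n' "$SAMPLE_REMOTES" | scan_remote_lines
}

# Against a real repository (not run here), the same check is:
#   git config --get-regexp '^remote\..*\.url$' | scan_remote_lines
# Remediation is to drop the credential from the URL and let a helper supply it:
#   git remote set-url origin https://git.example/alice/repo.git
#   git config credential.helper <helper of your choice>
scan_constructed_sample
```

Run stand-alone, the script reports `remote.origin.url` and `remote.internal.url` on stderr (with the secrets replaced by `***`) and prints `2`. Feeding it real `git config --get-regexp` output turns it into a pre-commit or CI hygiene check; the redaction matters because a scanner that echoes the raw URL would itself leak the token into logs.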

Thread overview:
     [not found] <CALFtjBBvk+JPmU_GzrnM=ANwaQDdiLtzh4YkZFbcVENyCu9fxA@mail.gmail.com>
2024-07-01 11:46 ` Git remote origin leaks user access token Jonathan Nieder
2024-07-01 16:27   ` brian m. carlson
2024-07-01 18:35     ` Jeff King
2024-07-02 21:13       ` H. Peter Anvin
2024-07-02 21:21         ` Jeff King
2024-07-01 19:04     ` Junio C Hamano [this message]
