On Thu, Nov 29, 2007 at 07:20:08PM +0000, Daniel P. Berrange wrote:
> > Actually there we should look for a password and store it, that's very
> > common and convenient, e.g. use
> > xen://foo:bar@server/
> >
> > as the connection URI, libxml2 will just return the user as 'foo:bar'
> > which could subsequently be split here to store the password (bar).
>
> The virConnectCredentialPtr struct which is populated for the auth
> callback function contains a 'defresult' field where the default value
> of the credential should go. I intended to populate this value with the
> username part of the URI for VIR_CRED_AUTHNAME credentials, but forgot.
> Will add that in....
>
> Using passwords in URIs is seriously frowned upon. URIs get into log files,
> in the command line ARGV, into gconf, into bug reports. We absolutely do
> not want passwords visible in any of those places.
>
> RFC 2396 explicitly recommends against using passwords in URIs
>
> "Some URL schemes use the format "user:password" in the userinfo
> field. This practice is NOT RECOMMENDED, because the passing of
> authentication information in clear text (such as URI) has proven to
> be a security risk in almost every case where it has been used."

I know, I have also argued against it (and that's why libxml2 doesn't
parse it), but this can be way more convenient at times, and also
has the potential to remove asynchronous interaction for example
when using scripts.
Anyway not a big deal,
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard | virtualization library http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/
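
Added example, not part of the original thread and not libvirt or libxml2 code: one way to handle a userinfo string such as 'foo:bar' so that the username can serve as a default for a VIR_CRED_AUTHNAME prompt while the URI that reaches logs or bug reports carries no password. The helper name `scrub_uri` and its return convention are hypothetical, and it uses plain C string handling rather than libxml2's URI parser.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a libvirt or libxml2 API. Writes `uri` to `out`
 * with any ":password" dropped from the userinfo, and the bare username to
 * `user` (empty if none). Returns 1 if a password was stripped, 0 if there
 * was none, -1 on a malformed URI or a buffer that is too small. */
int scrub_uri(const char *uri, char *out, size_t outlen,
              char *user, size_t userlen)
{
    const char *auth, *end, *p, *at = NULL, *colon;
    size_t ulen;
    int n;

    if (outlen == 0 || userlen == 0)
        return -1;
    user[0] = '\0';
    if ((auth = strstr(uri, "://")) == NULL)
        return -1;
    auth += 3;                              /* authority starts here */
    end = auth + strcspn(auth, "/?#");      /* and ends here */

    for (p = auth; p < end; p++)            /* last '@' closes the userinfo */
        if (*p == '@')
            at = p;
    if (at == NULL) {                       /* no userinfo: nothing to scrub */
        n = snprintf(out, outlen, "%s", uri);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }

    /* the first ':' inside the userinfo separates user from password */
    colon = memchr(auth, ':', (size_t)(at - auth));
    ulen = (size_t)((colon ? colon : at) - auth);
    if (ulen >= userlen)
        return -1;
    memcpy(user, auth, ulen);
    user[ulen] = '\0';

    /* scheme + "://", then the username only, then "@host..." unchanged */
    n = snprintf(out, outlen, "%.*s%s%s", (int)(auth - uri), uri, user, at);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return colon != NULL;
}

int main(void)
{
    char out[128], user[64];
    int rc = scrub_uri("xen://foo:bar@server/", out, sizeof out, user, sizeof user);
    printf("rc=%d log=%s default-authname=%s\n", rc, out, user);
    return 0;
}
```

A return value of 1 is also a usable signal for warning the caller that a password arrived in the URI and has already been exposed in ARGV.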