Project

General

Profile

Actions

Feature #12921

closed

Retrieve user and password for proxy from env

Added by wolfer (Sergey Fedosov) about 8 years ago. Updated over 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:78075]

Description

If ENV['http_proxy'] have some like 'http://user:password@192.168.1.1:3128' Net::HTTP will send request throught proxy without user and pass and proxy response with "407 Proxy authentication required"

I'm read discussion in #10652, but reason for reverting seems to me a little strange.

Mr. Tanaka wrote that other utils allow storing password in configuration file and "I think the missing piece is a library for password store for storing passwords in a file.".
But ruby has no similar file. Set http_proxy env is standard way for define proxy configuration, with credential too. Most popular utils, application and language allow that variant. Ruby is said to follow the principle of least astonishment (POLA), isn't ? Why not make the behavior of a ruby least surprising?

Otherwise the programmer has to create custom server-specific configuration logic(in most cases the trash). Any gems do not support setup proxy setting and therefore it is necessary to monkey-patching... It's look like dirty hack rather than following standarts.

P.S. sorry for my english. GT rules


Files

proxy_credential_from_env.patch (617 Bytes) proxy_credential_from_env.patch wolfer (Sergey Fedosov), 11/10/2016 11:30 AM

Related issues 4 (0 open4 closed)

Related to Ruby master - Feature #10652: Automatic detection of user and password from envClosedayumin (Ayumu AIZAWA)12/25/2014Actions
Related to Ruby 1.8 - Bug #435: open-uri.rb 407 Proxy Authentication Required (OpenURI::HTTPError)Rejected08/13/2008Actions
Related to Ruby master - Bug #4388: open-uriで環境変数http_proxyを使うときに認証付きのProxyが使えませんRejectedActions
Is duplicate of Ruby master - Feature #6546: Net::HTTP to check for HTTP_PROXY environment setting.Closednaruse (Yui NARUSE)06/04/2012Actions

Updated by jerry_ru (Yuri Samoilenko) about 8 years ago

almost all console utils uses http_proxy without problems.

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

Actions #4

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

  • Related to Feature #10652: Automatic detection of user and password from env added
Actions #5

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

  • Is duplicate of Feature #6546: Net::HTTP to check for HTTP_PROXY environment setting. added
Actions #6

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

  • Related to Bug #435: open-uri.rb 407 Proxy Authentication Required (OpenURI::HTTPError) added
Actions #7

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

  • Related to Bug #4388: open-uriで環境変数http_proxyを使うときに認証付きのProxyが使えません added

Updated by kosaki (Motohiro KOSAKI) about 8 years ago

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

Well, less point this to me. Since r54432, open-uri uses
ENV['http-proxy']. You don't talk about ruby's policy.
This ticket is less point too. http-proxy is useful for command-line
utilities. Why don't you use open-uri?

Updated by ngoto (Naohisa Goto) about 8 years ago

Why don't you use open-uri?

Because open-uri can't treat POST, HEAD, etc.

I think it is natural that net/http gets the same parameters from env for default unspecified parameters as open-uri does.

Updated by jerry_ru (Yuri Samoilenko) about 8 years ago

Shyouhei Urabe wrote:

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

Updated by wolfer (Sergey Fedosov) about 8 years ago

Shyouhei Urabe wrote:

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

Yuri Samoilenko said than it's operation system problem, if any users can read you env. Not ruby.
Anyway, http-proxy it's standart way set proxy and with auth too.

Updated by kosaki (Motohiro KOSAKI) about 8 years ago

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

The document says Solaris 8 or older is unsecure. OK. But so what? Who
care? I believe nobody need to care it.
Modern OS don't have such mistake.

Updated by shyouhei (Shyouhei Urabe) about 8 years ago

Motohiro KOSAKI wrote:

Modern OS don't have such mistake.

I can't make it sure but if environment variables are in fact kept secure for all platforms that run ruby, then I'm happy to withdraw my concern about security in ENV['http_proxy'].

Actions #15

Updated by luizluca (Luiz Angelo Daros de Luca) almost 8 years ago

If the user wants to set its password inside a env variable, it is the user's problem. It is the widely used way to use it.

For those that need a quick fix:

    class Net::HTTP
        def proxy_user
          if @proxy_from_env then
            proxy_uri && proxy_uri.user
          else
            @proxy_user
          end
        end
        def proxy_pass
          if @proxy_from_env then
            proxy_uri && proxy_uri.password
          else
            @proxy_pass
          end
        end
    end

Updated by wolfer (Sergey Fedosov) almost 8 years ago

If the user write a code this is also a user's problem. Programming language should be able to solve problems easily. Isn't it?
Monkey-patching is not a solution.

Updated by akr (Akira Tanaka) over 7 years ago

How about make white-list of OSs which environment variables are not visible from other users?

If ruby runs on OS in such list, setting password in an environment variable is acceptable.
So, we can support password in http_proxy without degrading security.

Updated by shyouhei (Shyouhei Urabe) over 7 years ago

akr (Akira Tanaka) wrote:

How about make white-list of OSs which environment variables are not visible from other users?

It's OK to me.

Updated by wolfer (Sergey Fedosov) over 7 years ago

akr (Akira Tanaka) wrote:

environment variables are not visible from other users?

As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes

Updated by kosaki (Motohiro KOSAKI) over 7 years ago

Hi
Linux kernel expert is here.

wolfer (Sergey Fedosov) wrote:

akr (Akira Tanaka) wrote:

environment variables are not visible from other users?

As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes

No they dont.
All unix only have peocess scope env.

Updated by wolfer (Sergey Fedosov) over 7 years ago

kosaki (Motohiro KOSAKI) wrote:

Linux kernel expert is here.

Hi. What do your think about this:

shyouhei (Shyouhei Urabe) wrote:

... environment variables are in fact insecure. It is a very bad idea to store passwords there...

Actions #22

Updated by naruse (Yui NARUSE) over 7 years ago

  • Status changed from Open to Closed

Applied in changeset trunk|r58461.


Allow Net::HTTP to fetch user/pass from http_proxy

Note that this feature is enabled only on environment variables are
multi-user safe. In this time the list includes Linux, FreeBSD, or
Darwin. [Bug #12921]

Actions #23

Updated by usa (Usaku NAKAMURA) over 7 years ago

  • Tracker changed from Bug to Feature
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0