Ruby » Ruby master

almost all console utils uses http_proxy without problems.

+1

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

Well, less point this to me. Since r54432, open-uri uses
ENV['http-proxy']. You don't talk about ruby's policy.
This ticket is less point too. http-proxy is useful for command-line
utilities. Why don't you use open-uri?

Why don't you use open-uri?

Because open-uri can't treat POST, HEAD, etc.

I think it is natural that net/http gets the same parameters from env for default unspecified parameters as open-uri does.

Shyouhei Urabe wrote:

You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

Shyouhei Urabe wrote:

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

Yuri Samoilenko said than it's operation system problem, if any users can read you env. Not ruby.
Anyway, http-proxy it's standart way set proxy and with auth too.

Yuri Samoilenko wrote:

What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?

I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt

The document says Solaris 8 or older is unsecure. OK. But so what? Who
care? I believe nobody need to care it.
Modern OS don't have such mistake.

Motohiro KOSAKI wrote:

Modern OS don't have such mistake.

I can't make it sure but if environment variables are in fact kept secure for all platforms that run ruby, then I'm happy to withdraw my concern about security in ENV['http_proxy'].

If the user wants to set its password inside a env variable, it is the user's problem. It is the widely used way to use it.

For those that need a quick fix:

    class Net::HTTP
        def proxy_user
          if @proxy_from_env then
            proxy_uri && proxy_uri.user
          else
            @proxy_user
          end
        end
        def proxy_pass
          if @proxy_from_env then
            proxy_uri && proxy_uri.password
          else
            @proxy_pass
          end
        end
    end

If the user write a code this is also a user's problem. Programming language should be able to solve problems easily. Isn't it?
Monkey-patching is not a solution.

How about make white-list of OSs which environment variables are not visible from other users?

If ruby runs on OS in such list, setting password in an environment variable is acceptable.
So, we can support password in http_proxy without degrading security.

akr (Akira Tanaka) wrote:

How about make white-list of OSs which environment variables are not visible from other users?

It's OK to me.

akr (Akira Tanaka) wrote:

environment variables are not visible from other users?

As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes

Hi
Linux kernel expert is here.

wolfer (Sergey Fedosov) wrote:

akr (Akira Tanaka) wrote:

environment variables are not visible from other users?

As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes

No they dont.
All unix only have peocess scope env.

kosaki (Motohiro KOSAKI) wrote:

Linux kernel expert is here.

Hi. What do your think about this:

shyouhei (Shyouhei Urabe) wrote:

... environment variables are in fact insecure. It is a very bad idea to store passwords there...