Feature #12921
closedRetrieve user and password for proxy from env
Description
If ENV['http_proxy'] have some like 'http://user:password@192.168.1.1:3128' Net::HTTP will send request throught proxy without user and pass and proxy response with "407 Proxy authentication required"
I'm read discussion in #10652, but reason for reverting seems to me a little strange.
Mr. Tanaka wrote that other utils allow storing password in configuration file and "I think the missing piece is a library for password store for storing passwords in a file.".
But ruby has no similar file. Set http_proxy env is standard way for define proxy configuration, with credential too. Most popular utils, application and language allow that variant. Ruby is said to follow the principle of least astonishment (POLA), isn't ? Why not make the behavior of a ruby least surprising?
Otherwise the programmer has to create custom server-specific configuration logic(in most cases the trash). Any gems do not support setup proxy setting and therefore it is necessary to monkey-patching... It's look like dirty hack rather than following standarts.
P.S. sorry for my english. GT rules
Files
Updated by jerry_ru (Yuri Samoilenko) almost 8 years ago
almost all console utils uses http_proxy without problems.
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
- Related to Feature #10652: Automatic detection of user and password from env added
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
- Is duplicate of Feature #6546: Net::HTTP to check for HTTP_PROXY environment setting. added
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
- Related to Bug #435: open-uri.rb 407 Proxy Authentication Required (OpenURI::HTTPError) added
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
- Related to Bug #4388: open-uriで環境変数http_proxyを使うときに認証付きのProxyが使えません added
Updated by kosaki (Motohiro KOSAKI) almost 8 years ago
You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.
Well, less point this to me. Since r54432, open-uri uses
ENV['http-proxy']. You don't talk about ruby's policy.
This ticket is less point too. http-proxy is useful for command-line
utilities. Why don't you use open-uri?
Updated by ngoto (Naohisa Goto) almost 8 years ago
Why don't you use open-uri?
Because open-uri can't treat POST, HEAD, etc.
I think it is natural that net/http gets the same parameters from env for default unspecified parameters as open-uri does.
Updated by jerry_ru (Yuri Samoilenko) almost 8 years ago
Shyouhei Urabe wrote:
You have to understand that environment variables are in fact insecure. It is a very bad idea to store passwords there. Surprising or not, insecure is insecure. We shall not introduce this.
What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
Yuri Samoilenko wrote:
What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?
I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt
Updated by wolfer (Sergey Fedosov) almost 8 years ago
Shyouhei Urabe wrote:
Yuri Samoilenko wrote:
What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?
I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt
Yuri Samoilenko said than it's operation system problem, if any users can read you env. Not ruby.
Anyway, http-proxy it's standart way set proxy and with auth too.
Updated by kosaki (Motohiro KOSAKI) almost 8 years ago
Yuri Samoilenko wrote:
What do you mean when say "insecure"? Storing login and password in filesystem and then read it and pass to http request manually is secure? Insecure is availability to pass login/password in plain form like "http://user:password@192.168.1.1:3128" but how it linked to Ruby?
I'm not talking about files, but environment variables. On some operating systems, a process environment variable is visible from any users, not only you. Exposing authorization info to that sort of area is not a safe thing. ENV['http_proxy'] should not include such info. Further reading: http://yong321.freeshell.org/computer/ProcEnv.txt
The document says Solaris 8 or older is unsecure. OK. But so what? Who
care? I believe nobody need to care it.
Modern OS don't have such mistake.
Updated by shyouhei (Shyouhei Urabe) almost 8 years ago
Motohiro KOSAKI wrote:
Modern OS don't have such mistake.
I can't make it sure but if environment variables are in fact kept secure for all platforms that run ruby, then I'm happy to withdraw my concern about security in ENV['http_proxy'].
Updated by luizluca (Luiz Angelo Daros de Luca) over 7 years ago
If the user wants to set its password inside a env variable, it is the user's problem. It is the widely used way to use it.
For those that need a quick fix:
class Net::HTTP
def proxy_user
if @proxy_from_env then
proxy_uri && proxy_uri.user
else
@proxy_user
end
end
def proxy_pass
if @proxy_from_env then
proxy_uri && proxy_uri.password
else
@proxy_pass
end
end
end
Updated by wolfer (Sergey Fedosov) over 7 years ago
If the user write a code this is also a user's problem. Programming language should be able to solve problems easily. Isn't it?
Monkey-patching is not a solution.
Updated by akr (Akira Tanaka) over 7 years ago
How about make white-list of OSs which environment variables are not visible from other users?
If ruby runs on OS in such list, setting password in an environment variable is acceptable.
So, we can support password in http_proxy without degrading security.
Updated by shyouhei (Shyouhei Urabe) over 7 years ago
akr (Akira Tanaka) wrote:
How about make white-list of OSs which environment variables are not visible from other users?
It's OK to me.
Updated by wolfer (Sergey Fedosov) over 7 years ago
akr (Akira Tanaka) wrote:
environment variables are not visible from other users?
As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes
Updated by kosaki (Motohiro KOSAKI) over 7 years ago
Hi
Linux kernel expert is here.
wolfer (Sergey Fedosov) wrote:
akr (Akira Tanaka) wrote:
environment variables are not visible from other users?
As far as I know, in almost every modern Linux distribution you can set system-wide env, per-user env and process-specific env. User can solve the problem of the env-scope as he likes
No they dont.
All unix only have peocess scope env.
Updated by wolfer (Sergey Fedosov) over 7 years ago
kosaki (Motohiro KOSAKI) wrote:
Linux kernel expert is here.
Hi. What do your think about this:
shyouhei (Shyouhei Urabe) wrote:
... environment variables are in fact insecure. It is a very bad idea to store passwords there...
Updated by naruse (Yui NARUSE) over 7 years ago
- Status changed from Open to Closed
Applied in changeset trunk|r58461.
Allow Net::HTTP to fetch user/pass from http_proxy
Note that this feature is enabled only on environment variables are
multi-user safe. In this time the list includes Linux, FreeBSD, or
Darwin. [Bug #12921]
Updated by usa (Usaku NAKAMURA) over 7 years ago
- Tracker changed from Bug to Feature