www.delorie.com/gnu/docs/wget/wget_42.html   search  
 
Buy GNU books!

GNU Wget Manual

[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

9.2 Security Considerations

When using Wget, you must be aware that it sends unencrypted passwords through the network, which may present a security problem. Here are the main issues, and some solutions.

  1. The passwords on the command line are visible using ps. The best way around it is to use wget -i - and feed the URLs to Wget's standard input, each on a separate line, terminated by C-d. Another workaround is to use `.netrc' to store passwords; however, storing unencrypted passwords is also considered a security risk.

  2. Using the insecure basic authentication scheme, unencrypted passwords are transmitted through the network routers and gateways.

  3. The FTP passwords are also in no way encrypted. There is no good solution for this at the moment.

  4. Although the "normal" output of Wget tries to hide the passwords, debugging logs show them, in all forms. This problem is avoided by being careful when you send debug logs (yes, even when you send them to me).


  webmaster   donations   bookstore     delorie software   privacy  
  Copyright © 2003   by The Free Software Foundation     Updated Jun 2003  

Please take a moment to fill out this visitor survey
You can help support this site by visiting the advertisers that sponsor it! (only once each, though)