Re: LYNX-DEV Getting proxies to work

[Benjamin C. W. Sittler]

On Fri, 16 May 1997, Alex Lyons A32/373-Winfrith Tel2368 FAX2508 wrote:

> > > One final (I hope!) point:  having got proxy authorisation to work
> > > alongside access authorisation, I suppose there ought to be an extra
> > > argument to the lynx command of the form "-pauth=id:pw".
> >
> > I'll merely suggest that this is a BAD IDEA(tm).
> > 
> > The reason:  in the case of UNIX, it exposes the "id" *and* the "password" 
> > to anyone on the local machine, who can run 'ps'.
> 
> I agree, but it appears to be the only way at present to use lynx to access
> protected documents non-interactively.  A more elegant solution would be to
> provide an option to dump/load the authorisation data structures (hostname,
> realm, uid, password, URL-mask), effectively allowing lynx to "remember" this
> information between sessions.  This would, of course, require a file with
> suitable permissions (ie none, except to the owner), probably in the user's
> home directory (did anyone say ".lynxrc"?).  A stop-gap solution would be to
> get lynx to modify its arglist to hide the sensitive argument(s), but maybe
> this can't be done on all platforms?

A slightly more secure method is to store the authorization information in
environment variables (for UNIX, djgpp, and Win32, at any rate -- not sure
about VMS.) Environment variables are not visible with the `ps' command on
most systems. Perhaps LYNXAUTH is a good name?

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;