GNU Info

Info Node: (wget.info)Security Considerations


Security Considerations
=======================

   When using Wget, you must be aware that it sends unencrypted
passwords through the network, which may present a security problem.
Here are the main issues, and some solutions.

  1. The passwords on the command line are visible using `ps'.  The
     best way around it is to use `wget -i -' and feed the URLs to
     Wget's standard input, each on a separate line, terminated by
     `C-d'.  Another workaround is to use `.netrc' to store passwords;
     however, storing unencrypted passwords is also considered a
     security risk.

  2. With the insecure "basic" authentication scheme, passwords are
     transmitted unencrypted through the network routers and gateways.

  3. The FTP passwords are also in no way encrypted.  There is no good
     solution for this at the moment.

  4. Although the "normal" output of Wget tries to hide the passwords,
     debugging logs show them, in all forms.  This problem is avoided by
     being careful when you send debug logs (yes, even when you send
     them to me).
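
   For item 4, one way to scrub a debug log before sending it.  This is
an added example, not part of Wget or its manual; the function names and
the sample log are constructed, and the line shapes matched (URLs with
embedded credentials, `Authorization:' headers, FTP `--> PASS' lines)
are assumptions about what a debug log contains.

```shell
#!/bin/sh
# Added example (not from the Wget manual): scrub credentials from a
# debug log before sharing it. The matched line shapes are assumptions.

# Constructed sample log; alice / s3cret are made-up credentials.
sample_log() {
cat <<'EOF'
DEBUG fetching http://alice:s3cret@www.example.com/report.txt
---request begin---
GET /report.txt HTTP/1.0
Authorization: Basic YWxpY2U6czNjcmV0
Host: www.example.com
---request end---
--> USER alice
--> PASS s3cret
EOF
}

# Reads a log on stdin and writes the scrubbed log to stdout.
redact_wget_log() {
    sed -E \
        -e 's#((https?|ftp)://)[^/@[:space:]]+@#\1REDACTED@#g' \
        -e 's#^((Proxy-)?Authorization:[[:space:]]*[A-Za-z]+)[[:space:]].*$#\1 REDACTED#' \
        -e 's#^(--> PASS)[[:space:]].*$#\1 REDACTED#'
}

# Returns 0 only if none of the given strings occur in the log on stdin.
# Pass the password and its encoded forms (e.g. the base64 of user:pass).
log_is_clean() {
    log=$(cat)
    for needle in "$@"; do
        if printf '%s\n' "$log" | grep -qF -- "$needle"; then
            return 1
        fi
    done
    return 0
}

# Stand-alone demonstration on the constructed sample.
sample_log | redact_wget_log
```

   Run `log_is_clean' on the scrubbed output with every form of the
secret you know of; the filter only covers the three line shapes above.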

