[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Difference between wget 1.10.2 and later versions
|
From: |
Micah Cowan |
|
Subject: |
Re: [Bug-wget] Difference between wget 1.10.2 and later versions |
|
Date: |
Wed, 27 Oct 2010 21:06:29 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.11) Gecko/20101006 Thunderbird/3.1.5 |
On 10/27/2010 03:24 AM, Marek Hudik wrote:
> Hi,
> could you please help me with wget usage.
> I am using wget to download a report from my app. I get difference behavior
> for 1.10 and later versions.
Try with --auth-no-challenge. It was removed as default behavior because
it was an insecure default (sends password as cleartext, available to
snoopers). The way it's supposed to work is you make the request, then
the server challenges you to authenticate (hopefully more secure options
than cleartext passwords), then you submit the proper authentication and
obtain the resource. Unfortunately, some servers (such as the one giving
you trouble, probably), rather than responding to the initial
authenticationless request with the proper challenge, just send an
error. This means that you have to go through the annoying extra step of
adding the option I mentioned (or enabling it in your .wgetrc), but
without requiring you to do that, it would be impossible to avoid
sending cleartext passwords to those sites that support it (other than
HTTPS sites).
Hope that helps,
-mjc