git.ipfire.org Git - thirdparty/git.git/commit

author	Jeff King <peff@peff.net>
	Wed, 13 Jul 2016 23:36:53 +0000 (19:36 -0400)
committer	Junio C Hamano <gitster@pobox.com>
	Thu, 14 Jul 2016 16:23:20 +0000 (09:23 -0700)
commit	882d49ca5cb6a584a37ab0266b8720b5b0bf2101
tree	212c066ae080bb18d488a2ee864eee6a0f572fe0	tree \| snapshot
parent	765428699a5381f113d19974720bc91b5bfeaf1d	commit \| diff

push: anonymize URL in status output

Commit 47abd85 (fetch: Strip usernames from url's before
storing them, 2009-04-17) taught fetch to anonymize URLs.
The primary purpose there was to avoid sticking passwords in
merge-commit messages, but as a side effect, we also avoid
printing them to stderr.

The push side does not have the merge-commit problem, but it
probably should avoid printing them to stderr. We can reuse
the same anonymizing function.

Note that for this to come up, the credentials would have to
appear either on the command line or in a git config file,
neither of which is particularly secure. So people _should_
be switching to using credential helpers instead, which
makes this problem go away. But that's no excuse not to
improve the situation for people who for whatever reason end
up using credentials embedded in the URL.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

t/t5541-http-push-smart.sh		diff \| blob \| blame \| history
transport.c		diff \| blob \| blame \| history