give away the number of characters in the password by replacing each character
with an 'x'. Use "<password>" instead.
it into this new file, to fix spelling mistakes, to clarify, etc.
* url.c (write_backup_file): Clarified a comment.
+ (str_url): Henrik van Ginhoven pointed out on the list that we
+ shouldn't give away the number of characters in the password by
+ replacing each character with a 'x'. Use "<password>" instead.
* ftp.c (ftp_retrieve_dirs): I don't see a ChangeLog entry for
this, but the bug where recursion into FTP directories didn't work
user = CLEANDUP (u->user);
if (u->passwd)
{
- int j;
- passwd = CLEANDUP (u->passwd);
if (hide)
- for (j = 0; passwd[j]; j++)
- passwd[j] = 'x';
+ /* Don't output the password, or someone might see it over the user's
+ shoulder (or in saved wget output). Don't give away the number of
+ characters in the password, either, as we did when we replaced the
+ password characters with 'x's. */
+ passwd = "<password>";
+ else
+ passwd = CLEANDUP (u->passwd);
}
if (u->proto == URLFTP && *dir == '/')
{
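Review bot: In the `if (hide)` arm, `passwd` now points at the string literal "<password>", while the `else` arm still assigns the result of `CLEANDUP (u->passwd)`, so the two paths leave `passwd` referring to different kinds of storage. If anything later in this function frees `passwd` or writes into it in place, as the removed `passwd[j] = 'x'` loop did, the literal case is undefined behaviour. Either make the hidden case a copy too, or record which arm was taken before any release. Separately, the four-line comment sits between `if (hide)` and its unbraced statement, which makes the if/else pairing easy to misread; braces around both arms would make the structure explicit.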