catalog Info Catalog previous wget: Robot Exclusion up wget: Appendices next wget: Contributors

wget: Security Considerations

 
 9.2 Security Considerations
 ===========================
 
 When using Wget, you must be aware that it sends unencrypted passwords
 through the network, which may present a security problem.  Here are the
 main issues, and some solutions.
 
   1. The passwords on the command line are visible using ‘ps’.  The best
      way around it is to use ‘wget -i -’ and feed the URLs to Wget’s
      standard input, each on a separate line, terminated by ‘C-d’.
      Another workaround is to use ‘.netrc’ to store passwords; however,
      storing unencrypted passwords is also considered a security risk.
 
   2. Using the insecure “basic” authentication scheme, unencrypted
      passwords are transmitted through the network routers and gateways.
 
   3. The FTP passwords are also in no way encrypted.  There is no good
      solution for this at the moment.
 
   4. Although the “normal” output of Wget tries to hide the passwords,
      debugging logs show them, in all forms.  This problem is avoided by
      being careful when you send debug logs (yes, even when you send
      them to me).
catalog Info Catalog previous wget: Robot Exclusion up wget: Appendices next wget: Contributors