Dear Laurentiu, I don't use command line tools. I use GDAL API. I only used them here to show the problem. For similar reasons I wouldn't even like to use global configuration options :-) In my opinion, the most clean way to do it is to hide credentials in dataset instance.
Michał wt., 29 paź 2024 o 15:18 Laurențiu Nicola via gdal-dev < gdal-dev@lists.osgeo.org> napisał(a): > Hi, > > It's unlikely to be a problem for you, but credential passing via > command-line arguments is considered an anti-pattern because they're > visible by other users who might be looking at the running process list. > Environment variables are better because other users can't inspect them. > > Of course, this is arguably even less relevant in today's container/k8s > world, and config options are awkward when you need to open multiple > datasets from different sources. > > Laurentiu > > On Tue, Oct 29, 2024, at 14:53, Michał Kowalczuk via gdal-dev wrote: > > Hi GDAL friends! > > Why service credentials (username & password) can not be entered with open > options (*-oo UserPwd=user:pass*) when working with OGC services (tested > against WMS)? > > I know there is a config option *GDAL_HTTP_USERPWD=value* but it's not > clean solution in my opinion. Credential should be related to and owned by > the dataset not the global environmental variable. What if I use more than > one services that need credentials? > > I know there is a "UserPwd" XML tag when using xml as an open path, but > this limits the use of other open methods ( > https://gdal.org/en/latest/drivers/raster/wms.html#xml-description-file). > > So, the following returns dataset info > *gdalinfo "WMS:sample_wms_service?request=getcapabilities&service=wms" > --config GDAL_HTTP_USERPWD=user:pass* > > and the following: > *gdalinfo "WMS: > sample_wms_service?request=getcapabilities&service=wms" -oo > UserPwd=user:pass* > returns error: > > > *ERROR 1: HTTP error code : 401ERROR 1: Error returned by server : HTTP > error code : 401 (0)gdalinfo failed - unable to open* ... > > Unfortunately, I can not share the sample service and it's credentials, > but it is not needed for answer my general question. > > Thank you in advance for your interest in the problem > Michał Kowalczuk > _______________________________________________ > gdal-dev mailing list > gdal-dev@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/gdal-dev > > > _______________________________________________ > gdal-dev mailing list > gdal-dev@lists.osgeo.org > https://lists.osgeo.org/mailman/listinfo/gdal-dev >
_______________________________________________ gdal-dev mailing list gdal-dev@lists.osgeo.org https://lists.osgeo.org/mailman/listinfo/gdal-dev
