Info Catalog wget: Robot Exclusion wget: Appendices wget: Contributors

wget: Security Considerations

1 
1 9.2 Security Considerations
1 ===========================
1 
1 When using Wget, you must be aware that it sends unencrypted passwords
1 through the network, which may present a security problem.  Here are the
1 main issues, and some solutions.
1 
1   1. The passwords on the command line are visible using ‘ps’.  The best
1      way around it is to use ‘wget -i -’ and feed the URLs to Wget’s
1      standard input, each on a separate line, terminated by ‘C-d’.
1      Another workaround is to use ‘.netrc’ to store passwords; however,
1      storing unencrypted passwords is also considered a security risk.
1 
1   2. Using the insecure “basic” authentication scheme, unencrypted
1      passwords are transmitted through the network routers and gateways.
1 
1   3. The FTP passwords are also in no way encrypted.  There is no good
1      solution for this at the moment.
1 
1   4. Although the “normal” output of Wget tries to hide the passwords,
1      debugging logs show them, in all forms.  This problem is avoided by
1      being careful when you send debug logs (yes, even when you send
1      them to me).
1
Info Catalog wget: Robot Exclusion wget: Appendices wget: Contributors