"hg archive" with remote URL

Mutlu Dogruel mutludogruel at gmail.com
Fri Aug 9 20:40:33 UTC 2013


On 9 Aug 2013, at 18:28, Martin Geisler <martin at geisler.net> wrote:
> 
> That is not correct when you connect to a HTTPS URL. The client will
> establish a secure connection before sending the username and password
> to authenticate itself. It is correct that the password is sent in
> cleartext inside the encrypted channel, but outside observers sniffing
> the network cannot see it.
> 
>> The solution is to use a "digest access authentication" which is
>> theoretically supported both by wget and curl.
> 
> Digest authentification helps you when you're connecting to HTTP
> addreses. Basic auth sends the username and password in cleartext to the
> server -- with digest auth the client sends a hashed version of the
> password.
> 
> -- 
> Martin Geisler

Thank you both for the clarifications.



More information about the Mercurial mailing list