From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Sachin tiwari <sjtiwari007@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: Bug Report
Date: Fri, 15 Nov 2024 20:08:27 +0000 [thread overview]
Message-ID: <ZzeqO9n_6dLBgRmX@tapette.crustytoothpaste.net> (raw)
In-Reply-To: <CAGoMMr+f4oqgDqq_1h4cV39GVRd8fgzEzHgBP8fJsJ+HAgiwqQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1624 bytes --]
On 2024-11-15 at 13:02:21, Sachin tiwari wrote:
> Sachin tiwari <sjtiwari007@gmail.com>
>
> 18:28 (3 minutes ago)
> to git
> Hello,
> Title:Git Clones Repository Even After Incorrectly Inputting Personal
> Access Token (PAT) and Leaving Password Blank
>
> Description:
> When cloning a repository using HTTPS, Git prompts for the username
> and password. However, if a Personal Access Token (PAT) is mistakenly
> entered when prompted for a username and the password is left empty,
> the repository is cloned successfully without any authentication
> failure. This behavior should not occur, as Git should ideally reject
> the clone operation when a PAT is input as a username and no password
> is provided.
This isn't a bug. Git itself has no way of knowing whether what you put
in a field is a username, password, token, or something else entirely.
The decision on authentication is made by the remote system, and it can
apply arbitrary policies on what to accept and what not to.
My guess is that you're using GitHub, and GitHub allows you to do this.
GitHub requires that you use a token, and it can be in the username or
password field, mostly for backwards compatibility (changing it now
would break a lot of things and isn't really possible).
I would say that it's definitely strongly recommended to not put secrets
in the username, because many tools will filter passwords from logs, but
the username is often not filtered, so you _should not_ do this, but
with GitHub, you can indeed do it if you really want.
--
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
next prev parent reply other threads:[~2024-11-15 20:08 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-15 13:02 Bug Report Sachin tiwari
2024-11-15 20:08 ` brian m. carlson [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-12-17 10:45 Bug report István Gergely Édes
2024-10-13 15:44 Bug Report =?gb18030?B?zuLUqsrY?=
2024-10-14 5:04 ` Koji Nakamaru
2024-10-14 6:02 ` Johannes Schindelin
2024-10-14 6:22 ` Koji Nakamaru
2024-10-15 0:40 ` Taylor Blau
2024-10-09 3:23 Bug report Ed Reel
2024-10-14 6:10 ` Johannes Schindelin
2024-07-19 18:34 Roman Dvoskin
2024-07-19 20:13 ` brian m. carlson
2024-07-19 20:35 ` Roman Dvoskin
2024-07-19 20:40 ` rsbecker
2023-08-28 12:51 Dexter Pontañeles
2023-06-27 16:02 Bug Report Tiago d'Almeida
2022-12-28 2:43 Bug report Jensen Bean
2022-12-28 5:02 ` Eric Sunshine
2022-12-25 17:26 bug report Eyal Post
2022-12-25 18:12 ` Eric Sunshine
2022-12-08 5:29 Bug Report Jensen Bean
2022-12-08 8:31 ` Bagas Sanjaya
[not found] ` <CANqKdC-gHgQHn5DMoOREY52y7PpRLMpNAjX3qeA5iy9z_GXdzw@mail.gmail.com>
2022-12-26 2:15 ` Bagas Sanjaya
2022-11-19 20:20 Jensen Bean
2022-10-03 15:28 Bug report Alastair Douglas
2022-10-03 16:53 ` Junio C Hamano
2022-10-04 10:15 ` Alastair Douglas
2022-10-05 5:46 ` Junio C Hamano
2022-04-20 19:45 Bug Report Daniel Habenicht
2022-04-20 21:30 ` brian m. carlson
2022-04-20 22:34 ` rsbecker
2022-04-21 13:20 ` Daniel Habenicht
2022-04-21 14:39 ` Torsten Bögershausen
[not found] ` <AS1P190MB175022A7F1264807ECA464A8ECF49@AS1P190MB1750.EURP190.PROD.OUTLOOK.COM>
2022-04-21 17:52 ` Torsten Bögershausen
2021-12-01 22:31 Josh Rampersad
2021-11-12 4:22 bug report Theodore Li
2021-11-12 4:29 ` Junio C Hamano
2021-11-12 6:59 ` Theodore Li
2021-11-12 14:05 ` Paul Smith
2020-03-27 11:53 Bug Report James Yeoman
2020-03-27 12:59 ` Pratyush Yadav
[not found] <CA+2sEepTyrK-iH+VBHVF1i9DuYVzDkTNxuM0-yoWbkC9N4f8HA@mail.gmail.com>
2019-04-15 15:18 ` bug report Nick Steinhauser
2017-08-30 21:25 Bug report Aleksandar Pavic
2017-08-31 6:36 ` Kevin Daudt
2017-08-31 14:19 ` Dov Grobgeld
2017-08-31 14:55 ` Aleksandar Pavic
2017-08-31 16:23 ` Stephan Beyer
2017-09-02 8:49 ` Jeff King
2016-05-13 5:04 bug report 李本超
2016-05-13 5:23 ` Pranit Bauva
2016-05-13 5:58 ` 李本超
2016-05-13 6:37 ` Pranit Bauva
2016-05-13 6:57 ` 李本超
2016-05-13 7:10 ` Pranit Bauva
2016-05-13 7:41 ` 李本超
2016-05-13 8:10 ` Jeff King
2016-05-13 12:05 ` 李本超
2016-04-03 0:25 Bug Report Benjamin Sandeen
2016-04-03 2:20 ` Eric N. Vander Weele
2016-04-03 2:22 ` Jacob Keller
2015-01-27 14:43 bug report Albert Akhriev
2015-01-27 14:50 ` Jeff King
[not found] <CAC34_pT9zwZDnUjo1bTUZabD02M48=_+77-mNCA5adWTgxuYgg@mail.gmail.com>
2013-04-08 5:20 ` Bug Report Kirk Fraser
2012-10-05 10:13 Bug report Муковников Михаил
2012-10-05 10:32 ` Konstantin Khomoutov
2012-10-05 10:47 ` Carlos Martín Nieto
2012-10-05 11:03 ` Муковников Михаил
2012-10-05 10:52 ` Муковников Михаил
2012-10-04 4:35 John Whitney
2012-10-04 14:19 ` Phil Hord
2012-10-04 16:10 ` John Whitney
2012-10-06 13:31 ` Jeff King
2012-10-07 2:23 ` John Whitney
2012-10-07 23:52 ` Jeff King
2012-10-09 17:17 ` John Whitney
2012-10-09 19:00 ` John Whitney
2012-10-04 15:21 ` Andrew Wong
2012-10-04 16:16 ` John Whitney
2012-10-04 16:28 ` John Whitney
2012-10-04 17:01 ` Andrew Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzeqO9n_6dLBgRmX@tapette.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=sjtiwari007@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).