wininet: Support http_proxy environment variable

[Tobias Burnus]

Hi,

Augusto Arcoverde da Rocha schrieb:
> IMHO, the current password exposition is a ugly thing:
> $ export http_proxy=http://user:__>>**password**<<__ at host.dom:8080
I wouldn't worry to much about a PROXY password. I mean who can access
files and environment variables? Basically only you and the
administrator of your system.

I think the bigger problem is that guessed 99% of all proxies, which ask
for passwords, transmit them in clear. (I think there is no SSL protocol
or digest protocol which is widely supported.)

(Our university's computation centre offers a password-proxy access
using the username/password. I'm slightly reluctant to save that
password on my laptop and I'm fully against transmitting it with every
HTTP request. Thus I'm using a ssh tunnel with localhost:8080 as proxy.)

> I think would be preferable hide the password typing and don't storing
> it in a file like system register, maintaining it in the memory only.
> Perhaps getting the password altrougt some interactive process which
> hide the password.
Well, exactly that you get if you add the following into your .bashrc:

printf 'Enter Password for the HTTP PROXY: '
stty -echo
read pass
stty echo
echo ""
http_proxy="http://$USER:$pass@hostname:port/"
export http_proxy

Otherwise: Many programs automatically ask for a password if 
protcol://user@hostname:port/ didn't succeed.
(At least Mozilla does so for the proxy.) I wouldn't be surprised if the
Internet Explorer did the same. (It does for ftp://foo@bar.com/).

Tobias