tinyproxy / tinyproxy

tinyproxy - a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems
GNU General Public License v2.0

Upstream proxy authentication - Is it possible to obfuscate password? #520

Open jmoalves opened 7 months ago

jmoalves commented 7 months ago

I need to configure my Upstream proxy with authentication.

Is it possible to obfuscate the password?

Upstream http myUser:myPassword@proxyHost:proxyPort

Suggestions:

a) Ask for the key during startup and use it to decrypt the password.

b) Allow the config file to be read from stdin, so we could use openssl to decrypt it.

Encryption / decryption example with config from stdin

tinyproxy.conf - initial plain text config

Encrypt

openssl enc -in tinyproxy.conf -e -aes256 -pbkdf2 > tinyproxy.conf.enc
rm tinyproxy.conf

Run tinyproxy

openssl enc -in tinyproxy.conf.enc -d -aes256 -pbkdf2 | tinyproxy -d -c-

In this scenario, -c- would allow config to be read from stdin.
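
An added example (not part of the original post and not tinyproxy code): a fail-closed wrapper for the encrypt and run steps described above, which decrypts fully before the consumer is started. It assumes the passphrase is in the exported variable `CONF_PASS` and that the consumer accepts its config on stdin; `CONF_PASS`, `encrypt_config` and `run_with_config` are hypothetical names.

```shell
#!/bin/sh
# Added example, not tinyproxy code. Assumes openssl 1.1.1+ on PATH and the
# passphrase in the exported variable CONF_PASS (hypothetical name).

# Encrypt PLAIN to ENC (mode 0600) and delete PLAIN only after a test
# decryption reproduces it byte for byte.
encrypt_config() {
    plain=$1 enc=$2
    ( umask 077
      openssl enc -e -aes256 -pbkdf2 -pass env:CONF_PASS \
              -in "$plain" -out "$enc" ) || return 1
    if openssl enc -d -aes256 -pbkdf2 -pass env:CONF_PASS -in "$enc" \
            2>/dev/null | cmp -s - "$plain"; then
        rm -f -- "$plain"
    else
        rm -f -- "$enc"
        return 1
    fi
}

# Decrypt ENC completely, then start the consumer ("$@") with the config on
# its stdin. In a plain `openssl ... | consumer` pipeline the consumer starts
# even when decryption fails; here it is never started in that case.
# Note: `openssl enc` is unauthenticated, so only padding or length errors
# are caught, not deliberate tampering with the ciphertext.
run_with_config() {
    enc=$1
    shift
    conf=$(openssl enc -d -aes256 -pbkdf2 -pass env:CONF_PASS \
                   -in "$enc" 2>/dev/null) || {
        echo "decryption of $enc failed; not starting $1" >&2
        return 1
    }
    printf '%s\n' "$conf" | "$@"
}

# Usage with the stdin option proposed in this issue:
#   run_with_config tinyproxy.conf.enc tinyproxy -d -c-
```

The decrypted config still exists in the wrapper's memory and the passphrase in its environment, so both are readable by anything that can inspect that process.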

rofl0r commented 7 months ago

please try this patch:

diff --git a/src/conf.c b/src/conf.c
index 4b5f33a..07d6225 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -449,7 +449,10 @@ static int load_config_file (const char *config_fname, struct config_s *conf)
         FILE *config_file;
         int ret = -1;

-        config_file = fopen (config_fname, "r");
+        if (config_fname[0] == '-' && !config_fname[1])
+            config_file = stdin;
+        else
+            config_file = fopen (config_fname, "r");
         if (!config_file) {
                 fprintf (stderr,
                          "%s: Could not open config file \"%s\".\n",
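
Review bot: The stdin special case in the new `if` before `fopen` is undocumented in this diff: a short comment above the check and a mention in the `-c` usage text would tell users that `-` now means stdin and that a file literally named `-` has to be passed as `./-`. `strcmp (config_fname, "-") == 0` would read more clearly than the two character tests, and the two new assignment lines are indented 12 columns where the surrounding code steps by 8.
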
@@ -466,7 +469,7 @@ static int load_config_file (const char *config_fname, struct config_s *conf)
         ret = 0;

 done:
-        if (config_file)
+        if (config_file && config_file != stdin)
                 fclose (config_file);

         return ret;
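
Review bot: Skipping `fclose` for stdin at `done:` is correct, but stdin is left at end-of-file after the first load, so a second call to `load_config_file` with `-` would find nothing left to read. Suggest having the caller refuse or log a reload when the config source is `-` instead of silently re-reading, and adding a one-line comment at the `config_file != stdin` test explaining why stdin is kept open.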

note that using stdin, the config reload option of tp via SIGUSR1 won't work.