2

git clone https://<user-name>:<token>@github.com/<user-name>/<project-name>.git

Suppose an HTTPS request as above. I want to know, how secure would be this request/call?

More specifically, since my token (a secret) appears in the URL/call, would it make me more vulnerable to losing the token?

What would you say is more secure? Using the above URL method, or using the default approach (I enter the repository's URL, then Github asks me for the username and password/token)?

jww
  • 97,681
  • 90
  • 411
  • 885
MaJoR
  • 954
  • 7
  • 20
  • Before people flag this post for being too broad or opinion based, I want to point out that I just want to know the difference between the two methods objectively. – MaJoR Mar 12 '19 at 17:46
  • 1
    Somewhat related, [HTTPS URL with token parameter : how secure is it?](https://stackoverflow.com/q/643355/608639) and [Should sensitive data ever be passed in the query string?](https://security.stackexchange.com/q/29598/29925) I'm not familiar with Git's protocols, but I feel like `git://` would be safer than `https://`. `git://` could be reusing `https://` protocol elements, in which case they are probably equivalent. – jww Mar 13 '19 at 06:11
  • Thanks. It was a good read, and actually answers the question. Thanks! – MaJoR Mar 13 '19 at 14:53

0 Answers0