TortoiseHg is a graphical client for the cross-platform Mercurial distributed version control system. If you synchronize code with the server over HTTPS, you have to enter a password every time, which is annoying. This article summarizes several ways to avoid retyping the password, grouped by how securely the password is stored. The Chinese version of TortoiseHg 2.0 is used as the example.
1. Non-encrypted Mode
Non-encrypted mode places the synchronization password directly in the configuration file. This is quick but bad for the security of the password. There are several ways to set the password:
(1) Set at the first clone
When you clone the server code into a folder for the first time, you can include the user name and password in the "Source" address in the following interface:
Replace username and password with the actual user name and password respectively.
(2) Set in the configuration file
In fact, after the setup above, these strings are saved in the configuration file. If you did not enter the password information at the first clone, you can edit the configuration file to the same effect. The configuration file is the file named hgrc in the .hg folder of the target folder (similar to web.config in ASP.NET; each cloned repository has its own hgrc file, and its settings apply only to that repository). Open the file in a text editor to see the configuration (you can right-click the folder, choose TortoiseHg > Repository Settings, and click the "Edit File" button in the upper right corner to open the file):
The default value under the paths section above is the "Source" set in (1). If it was not set earlier, you can add the user name and password information here at any time.
In addition, if the Mercurial version underlying TortoiseHg is 1.3 or later (TortoiseHg 2.0 is based on Mercurial 1.8, so it qualifies), the configuration file can also be written as follows:
That is, put the synchronization username and password in the auth section. Note that none of the three lines in auth may be omitted. The first line is the URL prefix used for synchronization, the second line is the username, and the third line is the password. XXX is an arbitrary legal string; you only need to make sure that XXX is the same on all three lines. Although prefix in auth and default in paths look somewhat redundant, neither may be left out.
Meaning of auth: in the current repository, all URLs starting with http://bitbucket.org (the XXX entry) are synchronized with the given username and password.
Note: Although passwords are stored in the configuration file in plain text, they are displayed as asterisks in Workbench. There is one exception, which is also a bug: if the password contains the @ character, everything from the @ to the end of the password is displayed in Workbench. Not only is part of the password exposed, the synchronization URL is also parsed incorrectly and synchronization fails.
We can see that if the password is Pass@word, '@word' is displayed in plain text, while the 'Pass' in front of the @ is masked with asterisks as normal. The main reason is that the @ in the password is taken for the @ in 'username:password@URL', so the entire URL is split in the wrong place. For such a password, this method of setting the password does not work.
(3) Global settings
As we can see above, if user and password information is stored in the hgrc of every repository, the passwords are scattered across many places, which gives the lowest security. Fortunately, TortoiseHg provides a global configuration file, similar to machine.config in ASP.NET, that takes effect for all repositories. On Windows this file is generally mercurial.ini (you can right-click the folder, choose TortoiseHg > Global Settings, and click "Edit File" in the upper right corner to open the file).
Location of the Hg global configuration file:
In XP, it is generally: C:\Documents and Settings\Administrator\mercurial.ini
In other Windows versions, it is automatically generated in your user document directory: C:\Documents and Settings\{user name}\mercurial.ini
You can configure it in the following way:
From then on, every repository on the local machine whose URL starts with https://bitbucket.org/foo/ uses foo and foo_passwd as the user name and password, and URLs starting with https://bitbucket.org/bar/ use bar and bar_passwd as the user name and password.
In this way, all password information is saved in one file, which reduces the work of configuring passwords. For more information about the configuration, see "Login ing user auth for HTTPS".
2. Encryption Method
The methods above all save the password in non-encrypted mode, with low security and good performance. Since TortoiseHg 0.10, Mercurial-Keyring allows the password to be encrypted and stored in a password database.
The only step required is to enable this extension. To do so, add the following string to the configuration file (if you want the extension to take effect for one repository only, edit the hgrc in the corresponding directory; if you want it to take effect for all repositories, edit the mercurial.ini file):
[extensions]
mercurial_keyring=
You can also select mercurial_keyring under TortoiseHg > Repository Settings / Global Settings > Extensions.
Because the extension has been enabled, TortoiseHg needs to be restarted. Fortunately, it does all of this automatically.
After performing the preceding operations, configure the hgrc file as described in the first method. Remember that you do not need to specify a password in the file, but the username information must be present (you can set the username in auth or in paths). In this way, you enter the password at the first synchronization and do not need to enter it again. The password is encrypted and saved, which greatly improves the security of the password. In addition, if the password is changed, the password input box pops up again to update the stored password, whereas with the configuration-file methods above an incorrect password only produces an error and is not updated.
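To confirm that no plaintext password is left in an hgrc or mercurial.ini after switching to the keyring extension, the following added example (not part of the original article) scans a configuration for passwords embedded in paths URLs or stored in auth, and reports whether mercurial_keyring is enabled. The sample file content, the names audit_hgrc and keyring_enabled, and the use of Python's configparser instead of Mercurial's own reader (so no %include lines) are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample hgrc; user names, passwords and repository paths are made up.
SAMPLE_HGRC = """\
[paths]
default = https://alice:Pass@word@bitbucket.org/alice/repo

[auth]
foo.prefix = https://bitbucket.org/foo/
foo.username = foo
foo.password = foo_passwd
bar.prefix = https://bitbucket.org/bar/
bar.username = bar

[extensions]
mercurial_keyring =
"""

def _parse(text):
    # "=" is the only delimiter so ":" in URLs is safe; Raw parser skips "%" interpolation.
    cfg = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cfg.read_string(text)
    return cfg

def audit_hgrc(text):
    """Return (section, key, reason) for every plaintext password found."""
    cfg, findings = _parse(text), []
    if cfg.has_section("paths"):
        for key, url in cfg.items("paths"):
            password = urlsplit(url).password
            if password is None:
                continue
            findings.append(("paths", key, "password embedded in URL"))
            if "@" in password:
                # A raw "@" makes username:password@URL ambiguous.
                findings.append(("paths", key, "raw @ in password"))
    if cfg.has_section("auth"):
        for key, value in cfg.items("auth"):
            if key.endswith(".password") and value:
                findings.append(("auth", key, "plaintext password in [auth]"))
    return findings

def keyring_enabled(text):
    """True if the [extensions] section lists mercurial_keyring."""
    return _parse(text).has_option("extensions", "mercurial_keyring")

if __name__ == "__main__":
    print(audit_hgrc(SAMPLE_HGRC), keyring_enabled(SAMPLE_HGRC))
```

An auth entry that has only a prefix and a username, like bar in the sample, produces no finding: that is the layout the keyring method expects.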
Note 1: The configuration files above are not transmitted along with synchronization operations, so the configuration information in them (especially the password) is safe with respect to the outside world; the insecurity of the configuration files mentioned above is relative to the local computer.
Note 2: TortoiseHg is an excellent GUI client for Mercurial, and the introduction above is based on TortoiseHg. Some settings are made by editing the configuration file manually, while others can be made directly in the GUI. If you use Mercurial directly, the configuration process may be different. In command-line mode, some extensions must be installed and enabled manually. You can look up the relevant information for configuration.
Note 3: In fact, Mercurial fully supports synchronization over SSH without providing a password, which greatly improves security. However, other configuration is still required, which is not covered in this article; see "Using SSH to access your Bitbucket Repository".