How to use passwords securely with wget

Wget Password: How to use passwords securely with wget

Written on  October 20th, 2010 at 16:37 pm by  shredder12

• wget 
• Security

Before the Wget 1.12 version, in order to fetch the authenticated http/ftp pages, we had to provide the password in clear text which was quite insecure. Since that version, a new option, --ask-password, has been included which prompts the user to fill the password in a secure manner(hidden like unix passwd).

The regular way to fetch authenticated pages is done by using the --user and --password options. e.g.

[shredder12]$ wget --user=chia --password=secret http://foo.bar/somepage.php

As you can see the user has to enter the password in clear text. By using --ask-password, we can avoid this scenario.

[shredder12]$ wget --user=chia --ask-password http://foo.bar/somepage.php
password for chia:

Although, this will require the user to be present in order to enter the password.

You would have figured it out by now that this method won't work in case of scripts, where no user would be present to enter the password. The work around in such cases is to enter the username and passwork in the wget's configuration file - wgetrc. Even this method is a good way to avoid entering passwords in scripts. All you need to do is enter these two options in either ~/.wgetrc or /etc/wgetrc file.

user=chia
password=secret

If you want to provide separate password for http or ftp then use the --http-user, --http-password and --ftp-user, --ftp-password options. Similarly, the wgetrc's option would become

http_user=chia
http_password=secret
ftp_user=userofftp
ftp_password=anothersecret