curl offers several ways to receive passwords from the user and then
subsequently pass them on or use them to something else.

The most basic curl authentication option is . It accepts an
argument that is the user name and password, colon separated. Like when alice
wants to request a page requiring HTTP authentication and her password is
‘12345’:

Several potentially bad things are going on here. First, we are entering a
password on the command line and the command line might be readable for other
users on the same system (assuming you have a multi-user system). curl
will help minimize that risk by trying to blank out passwords from process
listings.

One way to avoid passing the user name and password on the command line is to
instead use a or a config
file. You can also use the option without
specifying the password, and then curl will instead prompt the user for it
when it runs.

Network leakage

There are several ways to avoid this, and the key is, of course, then to avoid
protocols or authentication schemes that sends credentials in the plain over
the network. Easiest is perhaps to make sure you use encrypted versions of
protocols. Use HTTPS instead of HTTP, use FTPS instead of FTP and so on.

If you need to stick to a plain text and insecure protocol, then see if you
can switch to using an authentication method that avoids sending the
credentials in the clear. If you want HTTP, such methods would include Digest
(), Negotiate () and NTLM ().