Download: Stable · Snapshot | Docs | Changes | Wishlist
Currently, proxy passwords have to be stored unencrypted in the registry, or entered manually through the setup dialogue before every session. It should be possible to enter them at the time the connection is set up, like other passwords. This would also make use of authentication schemes where the password is always changing more practical.
Note that PuTTY can make multiple connections through a proxy (for instance for connections initiated by SSH port-forwarding). Since we may not have a convenient channel to interact with the user at the time a proxy connection is initiated, we'll have to prompt for the credentials before making a connection, and cache them in memory for the duration of the session.
Each proxied connection maps to exactly one actual network connection, and our UI may need to reflect this. This means that if you get your password wrong, you won't be prompted to retry (you'll have to restart the session or something similar). Similarly, we can't quietly attempt to log in without a password and then prompt the user only when necessary; the user has to be able to specify whether authentication should be attempted, and if it is, they will be prompted.
I (JTN) have just checked all the proxy protocols we support (SOCKS4, SOCKS5, HTTP), and I don't think any of them support the sending of username but no password (as opposed to an empty password).
Therefore I think this change to the proxy authentication UI should suffice:
[x] Attempt username/password authentication Username: (o) prompt ( ) use this: [abc123 ] Password: (o) prompt ( ) use this: [****** ]
and would map onto proxy types as follows:
I guess that prompting should occur by the normal mechanism of a prompt in the terminal window, which probably means some upheaval. Probably a good time to implement proxy-logging too.
Legacy settings: preserve whatever the current implied behaviour turns out to be, I guess.