hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ortwin Gl├╝ck <ortwin.glu...@nose.ch>
Subject Re: Bug in HTTPUrl?
Date Wed, 28 Apr 2004 06:23:08 GMT


Roland Weber wrote:

> Hi Oleg,
> 
> see RFC 2396, URI: Generic Syntax, section 3.2.2:
> 
>       <userinfo>@<host>:<port>
> 
>    Some URL schemes use the format "user:password" in the userinfo
>    field. This practice is NOT RECOMMENDED, because the passing of
>    authentication information in clear text (such as URI) has proven to
>    be a security risk in almost every case where it has been used.
> 
> 
> cheers,
>   Roland

Roland,

of course it is out of question that this poses security problems. But 
this fact does not make the URI classes less buggy.

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message