hc-dev mailing list archives

From Roland Weber <ROLWE...@de.ibm.com>
Subject Re: Bug in HTTPUrl?
Date Wed, 28 Apr 2004 06:34:43 GMT
Hi Ortwin,

the quote was not meant as an estimation.
Just a hint why that part of the URI spec
might be less well known than others.

BTW, the section also defines the valid characters:

      userinfo      = *( unreserved | escaped |
                         ";" | ":" | "&" | "=" | "+" | "$" | "," )

cheers,
  Roland






Ortwin Glück <ortwin.glueck@nose.ch>
28.04.2004 08:23
Please respond to "Commons HttpClient Project"
 
        To:     Commons HttpClient Project <commons-httpclient-dev@jakarta.apache.org>
        cc: 
        Subject:        Re: Bug in HTTPUrl?




Roland Weber wrote:

> Hi Oleg,
> 
> see RFC 2396, URI: Generic Syntax, section 3.2.2:
> 
>       <userinfo>@<host>:<port>
> 
>    Some URL schemes use the format "user:password" in the userinfo
>    field. This practice is NOT RECOMMENDED, because the passing of
>    authentication information in clear text (such as URI) has proven to
>    be a security risk in almost every case where it has been used.
> 
> 
> cheers,
>   Roland

Roland,

of course it is out of question that this poses security problems. But 
this fact does not make the URI classes less buggy.

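The userinfo production quoted in this thread can be checked mechanically, and a password carried in userinfo can be masked before a URI reaches a log. The following is an added example, not code from Commons HttpClient or from the posters: the class and method names are hypothetical, the sample URIs are constructed, and the expansions of `unreserved` (alphanumerics plus the marks `- _ . ! ~ * ' ( )`) and `escaped` (`%` followed by two hex digits) are taken from RFC 2396 rather than from the messages.

```java
import java.util.regex.Pattern;

class UserinfoCheck {  // hypothetical helper, not part of HttpClient
    // RFC 2396: unreserved = alphanum | mark, mark = - _ . ! ~ * ' ( )
    // escaped = "%" hex hex; userinfo additionally allows ; : & = + $ ,
    private static final Pattern USERINFO = Pattern.compile(
        "(?:[A-Za-z0-9\\-_.!~*'();:&=+$,]|%[0-9A-Fa-f]{2})*");

    /** True if s matches the userinfo production quoted in the thread. */
    static boolean isValidUserinfo(String s) {
        return USERINFO.matcher(s).matches();
    }

    /** Raw userinfo from the authority of a URI string, or null if absent. */
    static String rawUserinfo(String uri) {
        int start = uri.indexOf("://") + 3;
        if (start < 3) return null;                 // no "://" found
        int end = uri.length();
        for (int i = start; i < uri.length(); i++) {
            if ("/?#".indexOf(uri.charAt(i)) >= 0) { end = i; break; }
        }
        // Split on the last '@' of the authority so that a stray unescaped
        // '@' ends up inside the userinfo and fails validation.
        int at = uri.lastIndexOf('@', end - 1);
        return at >= start ? uri.substring(start, at) : null;
    }

    /** The URI with everything after the first ':' of userinfo masked. */
    static String redact(String uri) {
        String ui = rawUserinfo(uri);
        int colon = (ui == null) ? -1 : ui.indexOf(':');
        if (colon < 0) return uri;                  // nothing to mask
        int uiStart = uri.indexOf("://") + 3;
        return uri.substring(0, uiStart + colon + 1) + "***"
             + uri.substring(uiStart + ui.length());
    }

    public static void main(String[] args) {
        String[] samples = {                        // constructed sample URIs
            "http://alice:s3cret@example.invalid:8080/path",
            "http://alice%40corp:pw@example.invalid/",
            "http://alice@corp:pw@example.invalid/", // unescaped '@'
            "http://example.invalid/no/userinfo" };
        for (String u : samples) {
            String ui = rawUserinfo(u);
            System.out.println(redact(u) + "  userinfo=" + (ui == null
                ? "none" : isValidUserinfo(ui) ? "valid" : "INVALID"));
        }
    }
}
```

The third sample is reported as INVALID because `@` is not in the quoted character set and has to appear as `%40` inside userinfo.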


