Return-Path: Delivered-To: apmail-jakarta-commons-httpclient-dev-archive@www.apache.org Received: (qmail 55794 invoked from network); 28 Apr 2004 06:37:54 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 28 Apr 2004 06:37:54 -0000 Received: (qmail 88647 invoked by uid 500); 28 Apr 2004 06:37:30 -0000 Delivered-To: apmail-jakarta-commons-httpclient-dev-archive@jakarta.apache.org Received: (qmail 88562 invoked by uid 500); 28 Apr 2004 06:37:30 -0000 Mailing-List: contact commons-httpclient-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Commons HttpClient Project" Reply-To: "Commons HttpClient Project" Delivered-To: mailing list commons-httpclient-dev@jakarta.apache.org Received: (qmail 88543 invoked from network); 28 Apr 2004 06:37:29 -0000 Received: from unknown (HELO mtagate2.de.ibm.com) (195.212.29.151) by daedalus.apache.org with SMTP; 28 Apr 2004 06:37:29 -0000 Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49]) by mtagate2.de.ibm.com (8.12.10/8.12.10) with ESMTP id i3S6YpVi095384 for ; Wed, 28 Apr 2004 06:35:08 GMT Received: from d12ml067.megacenter.de.ibm.com (d12av02.megacenter.de.ibm.com [9.149.165.228]) by d12nrmr1607.megacenter.de.ibm.com (8.12.10/NCO/VER6.6) with ESMTP id i3S6YiYk161854 for ; Wed, 28 Apr 2004 08:34:45 +0200 In-Reply-To: <408F4DCC.4030100@nose.ch> To: "Commons HttpClient Project" MIME-Version: 1.0 Subject: Re: Bug in HTTPUrl? X-Mailer: Lotus Notes Release 6.0 September 26, 2002 From: Roland Weber X-MIMETrack: S/MIME Sign by Notes Client on Roland Weber/Germany/IBM(Release 6.0|September 26, 2002) at 28.04.2004 08:35:11, Serialize by Notes Client on Roland Weber/Germany/IBM(Release 6.0|September 26, 2002) at 28.04.2004 08:35:11, Serialize complete at 28.04.2004 08:35:11, S/MIME Sign failed at 28.04.2004 08:35:11: The cryptographic key was not found, Serialize by Router on D12ML067/12/M/IBM(Release 6.0.2CF2|July 23, 2003) at 28/04/2004 08:34:45, Serialize complete at 28/04/2004 08:34:45 Message-ID: Date: Wed, 28 Apr 2004 08:34:43 +0200 Content-Type: multipart/alternative; boundary="=_alternative 00242E63C1256E84_=" X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N --=_alternative 00242E63C1256E84_= Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Hi Ortwin, the quote was not meant as an estimation. Just a hint why that part of the URI spec might be less well known as others. BTW, the section also defines the valid characters: userinfo =3D *( unreserved | escaped | ";" | ":" | "&" | "=3D" | "+" | "$" | "," ) cheers, Roland Ortwin Gl=FCck 28.04.2004 08:23 Please respond to "Commons HttpClient Project" =20 To: Commons HttpClient Project=20 cc:=20 Subject: Re: Bug in HTTPUrl? Roland Weber wrote: > Hi Oleg, >=20 > see RFC 2396, URI: Generic Syntax, section 3.2.2: >=20 > @: >=20 > Some URL schemes use the format "user:password" in the userinfo > field. This practice is NOT RECOMMENDED, because the passing of > authentication information in clear text (such as URI) has proven to > be a security risk in almost every case where it has been used. >=20 >=20 > cheers, > Roland Roland, of course it is out of question that this poses security problems. But=20 this fact does not make the URI classes less buggy. --------------------------------------------------------------------- To unsubscribe, e-mail:=20 commons-httpclient-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail:=20 commons-httpclient-dev-help@jakarta.apache.org --=_alternative 00242E63C1256E84_=--