hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laat, Harm de" <Harm.deL...@essent.nl>
Subject RE: ftp via http
Date Wed, 21 Dec 2005 11:24:59 GMT
Oleg,

I filed the bug.
Can you give me any indication on when this will be fixed?

Regards,

Harm!

-----Original Message-----
From: Oleg Kalnichevski [mailto:olegk@apache.org]
Sent: 21 December 2005 12:12
To: httpclient-user@jakarta.apache.org
Subject: Re: ftp via http


On Wed, Dec 21, 2005 at 11:39:30AM +0100, Laat, Harm de wrote:
> However,
> 
> There is a comment in URI::setURI():
> 
> L:2266 --> if (_userinfo != null) { // by default, remove userinfo part
> 
> Oleg, I tried to see which changes I would have to do in order to change
the
> behaviour so that the credentials are passed. Can you provide me with some
> pointers, as it seems to go throughout the whole sourcecode. I'm not sure
if
> I can break something else.
> 
> Regards,
> 
> Harm.
> 

Harm,
The URI and related classes is the sole area of code in HttpClient I
prefer to not touch even with a barge pole. This code has been
effectively unmaintained for over 2 years and I personally strongly
favour replacing it with standard java 1.4 URI class(es). It would be
much easier for me to fix it rather than to tell you want needs fixing

The best thing you could do now is to open a ticket for this issue in
Bugzilla

Oleg

> 
> 
> 
> -----Original Message-----
> From: Oleg Kalnichevski [mailto:olegk@apache.org]
> Sent: 21 December 2005 11:36
> To: httpclient-user@jakarta.apache.org
> Subject: Re: ftp via http
> 
> 
> On Wed, Dec 21, 2005 at 11:26:00AM +0100, Oleg Kalnichevski wrote:
> > On Wed, Dec 21, 2005 at 11:23:58AM +0100, Roland Weber wrote:
> > > Hi Oleg,
> > > 
> > > > I always thought the URI class was meant to represent an abstract
URI.
> > > 
> > > I'm not arguing against keeping uid/pwd in the URI objects.
> > > 
> > > > Besides, in my opinion if the uid/pwd are given in a URI, they
should
> be
> > > > preserved by HttpMethod classes even if they are not applicable for
a 
> > > > particular scheme/protocol
> > > 
> > > I don't think that uid/pwd should be included in the request
needlessly.
> > > I thought they were intentionally removed at some point in time for
the
> > > sake of improved security, but I might as well be wrong here. It is
hard
> > > to remember the different occasions on which I had discussion about
URLs
> > > containing passwords. 
> > > 
> > 
> > I'll check the commit history 
> > 
> > Oleg
> 
> I am unable to find anything in the commit history suggesting that this
> functionality was removed for security reasons
> 
> Oleg
> 
> 
> > 
> > > 
> > > cheers,
> > >   Roland
> > > 
> > > 
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail:
httpclient-user-help@jakarta.apache.org
> > > 
> > > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
> > 
> > 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message