IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Internet Forum / Somebody mentioned here
Post #142,370
by Arkadiy
Picture of Arkadiy
2/19/04 2:30:52 PM
Reply
New Somebody mentioned here
about Microsoft disabling user:password@host syntax in URLs?

Our customer got bitten by this. Could you point me at some Microsoft document?
--

The number of the beast - vi vi vi
--[link|http://c2.com/cgi/wiki?QuotesOnComputers|Delexa Jones]
Post #142,372
by altmann
2/19/04 2:36:52 PM
Reply
New ->
[link|http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;834489|http://support.micro...b;%5BLN%5D;834489]
--
Chris Altmann
Post #142,384
by Arkadiy
Picture of Arkadiy
2/19/04 3:27:40 PM
Reply
New Thank you
--

The number of the beast - vi vi vi
--[link|http://c2.com/cgi/wiki?QuotesOnComputers|Delexa Jones]
Post #142,379
by pwhysall
Picture of pwhysall
2/19/04 3:05:05 PM
Reply
New Get over it, I say.
user@host in a URL is out of spec anyway and fearfully insecure. Do it properly. Well, you're going to have to - IE won't support that any more.

Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home Page - Now with added Zing!]
Post #142,381
by Arkadiy
Picture of Arkadiy
2/19/04 3:24:20 PM
Reply
New After some research, I have to agree
It's out-of-spec as of [link|http://www.ietf.org/rfc/rfc2396.txt|1998]. However, like many legacy things, it endured. For MS to break it like they did is extremely inconsiderate. And, they broke it for the wrong reason. Not because user name/password is transmitted in clear text (it isn't, really - it's parsed by the browser and used in normal authentication protocol). Rather, because it's used to mask the real hostname in URL. Stoooopid.

--

The number of the beast - vi vi vi
--[link|http://c2.com/cgi/wiki?QuotesOnComputers|Delexa Jones]
     Somebody mentioned here - (Arkadiy) - (4) - Feb. 19, 2004, 02:30:52 PM EST
         -> - (altmann) - (1) - Feb. 19, 2004, 02:36:52 PM EST
             Thank you -NT - (Arkadiy) - Feb. 19, 2004, 03:27:40 PM EST
         Get over it, I say. - (pwhysall) - (1) - Feb. 19, 2004, 03:05:05 PM EST
             After some research, I have to agree - (Arkadiy) - Feb. 19, 2004, 03:24:20 PM EST

And he laughed and he laughed and he laughed.
51 ms