Not that anyone here uses URL-passed user IDs and passwords, but our network guys just sent me this:

~~~~~~~~~~~~~~
Ever connect to one of those websites that tells you your username, password, IP address and stuff?  Well, we're about to release a patch that will stop that functionality.  If you have any websites that incorporate logons into the URL request, you'll have to find another way to authenticate.  Following is the article from PSS Security.

On 27 January 2004, Microsoft published a Knowledge Base article, 834489, that details changes which will be made in a forthcoming security update in the behavior of how Internet Explorer handles user information in HTTP and HTTPS URLs. Specifically, once this forthcoming security update is applied, by default, URLs that contain user information will no longer be supported and users will receive the error message "Invalid syntax error". HTTP and HTTPS URLs that contain user information take the format of: http(s)://username:[EMAIL PROTECTED]/resource.ext.

Web site operators who currently rely on HTTP or HTTPS URLs with user information should take steps to implement other forms of authentication, as detailed in the Knowledge Base article, to minimize the likely impact that this design change will have on their customers.

While it is not recommended, it is possible for customers to re-enable support for user information in HTTP and HTTPS URLs via a registry change on the client system. This information is detailed in the knowledge base article.

This change is not to remediate any specific or particular product vulnerability. Instead, it is a design change that is being made to enhance overall security in Internet Explorer.

More details are available in Knowledge Base article, 834489.

Here's the link to the KB article:
http://support.microsoft.com/default.aspx?scid=kb;[LN];834489
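
For operators who need to find links of the form described in the quoted article, an added example (not part of the original post or the KB article): a Python scan that reports http(s) URLs carrying user information, together with the same URL with that part stripped. The sample markup, host names and credentials are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Candidate http(s) URLs in arbitrary text (HTML, scripts, config files).
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def find_userinfo_urls(text):
    """Return one finding per http(s) URL whose authority has a userinfo part."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            raw = match.group(0).rstrip(".,;)")  # drop trailing prose punctuation
            try:
                parts = urlsplit(raw)
            except ValueError:
                continue  # malformed authority, e.g. a broken IPv6 literal
            # An "@" in the query or path is not user information; only the
            # authority (netloc) counts.
            if "@" not in parts.netloc:
                continue
            hostport = parts.netloc.rpartition("@")[2]
            findings.append({
                "line": lineno,
                "user": parts.username,
                "has_password": parts.password is not None,
                # The password itself is deliberately left out of the report.
                "clean_url": urlunsplit((parts.scheme, hostport, parts.path,
                                         parts.query, parts.fragment)),
            })
    return findings

# Constructed sample page; none of these hosts or credentials are real.
SAMPLE = """\
<a href="http://reports:s3cret@intranet.example.test/daily.asp">Daily report</a>
<a href="https://www.example.test/contact?email=ops@example.test">Contact</a>
<img src="HTTPS://guest@files.example.test:8443/logo.gif">
"""

if __name__ == "__main__":
    for f in find_userinfo_urls(SAMPLE):
        pw = "yes" if f["has_password"] else "no"
        print(f"line {f['line']}: user={f['user']!r} password={pw} -> {f['clean_url']}")
```
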