Hi Oleg,

See RFC 2396, URI: Generic Syntax, section 3.2.2:

      <userinfo>@<host>:<port>

   Some URL schemes use the format "user:password" in the userinfo
   field. This practice is NOT RECOMMENDED, because the passing of
   authentication information in clear text (such as URI) has proven to
   be a security risk in almost every case where it has been used.


cheers,
  Roland






Oleg Kalnichevski <[EMAIL PROTECTED]>
27.04.2004 18:44
Please respond to "Commons HttpClient Project"

        To:     Jakarta Commons HttpClient mailing list <[EMAIL PROTECTED]>
        cc:
        Subject:        Re: Bug in HTTPUrl?


Folks,
Any idea what to do with this one? First of all, user name and password in
an HTTP URL is something completely new to me. Any idea what Sung-Gu had in
mind?

Oleg

On Fri, 2004-04-02 at 16:08, Gustav Munkby wrote:
> hi,
> 
> If I do:
> 
> HTTPUrl url = new HTTPUrl("kurt", "nicepass#", hostname, 80, path);
> 
> throws a URIException with message "port number invalid".
> 
> First of all the message is wrong...
> 
> Next attempt was to urlencode the password, which resulted in the above 
> line working, but the password was sent url-encoded to the destination, 
> which can hardly be the desired behaviour?
> 
> regards,
> Gustav Munkby
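
Added example, not part of the original thread and not HttpClient code: it uses Python's urllib.parse to show why a raw '#' in the password ends the authority early (so "nicepass" lands where the parser looks for a port), and how percent-encoding the userinfo and decoding it again before use as a credential avoids both problems Gustav describes. The host name and all helper names are assumptions made for illustration.

```python
import base64
from urllib.parse import quote, unquote, urlsplit, urlunsplit

def build_url(user, password, host, port, path):
    """Percent-encode userinfo so '#', '@', ':' or '/' cannot end the authority."""
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"http://{userinfo}@{host}:{port}{path}"

def credentials(url):
    """Return (user, password) decoded from the userinfo, or None if absent."""
    parts = urlsplit(url)
    if parts.username is None:
        return None
    return unquote(parts.username), unquote(parts.password or "")

def basic_auth_header(url):
    """Authorization value built from the decoded credentials, not the URL text."""
    creds = credentials(url)
    if creds is None:
        return None
    return "Basic " + base64.b64encode(":".join(creds).encode("utf-8")).decode("ascii")

def strip_userinfo(url):
    """URL without credentials, suitable for logs and error messages."""
    parts = urlsplit(url)
    host = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))

def explain_raw_hash(url):
    """Show how a generic parser splits a URL whose password holds a raw '#'."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError as exc:
        port = f"invalid ({exc})"
    return {"authority": parts.netloc, "fragment": parts.fragment, "port": port}

# Constructed sample values; www.example.test is a placeholder host.
RAW = "http://kurt:nicepass#@www.example.test:80/index.html"
ENCODED = build_url("kurt", "nicepass#", "www.example.test", 80, "/index.html")

if __name__ == "__main__":
    print(explain_raw_hash(RAW))       # '#' starts the fragment; port is not a number
    print(ENCODED)
    print(credentials(ENCODED), basic_auth_header(ENCODED))
    print(strip_userinfo(ENCODED))
```

Even with correct encoding, the RFC text quoted at the top still applies: the credentials travel in clear text inside the URL, so `strip_userinfo` is the form to write to logs.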