On Tue, 10 Dec 2013, Steve Holme wrote:
or make the separator something that is less likely to be used in a
password. Like for example having it the spelled out ";options=" or
something.
I'm not a fan of the latter as that would require the user to perform the
following in order to specify the authentication type in the email
protocols:
user:password;options=auth=NTLM
I agree that it isn't perfect, but then I also cannot think of a really good
way to solve this. Perhaps we should just not solve it and move it into a
separate option entirely.
I can't remember which user and password options allow URL encoded colons at
present, and I know this is something that we talked about before, but could
we consider adding support for URL encoding these separator characters in
the CURLOPT_USERPWD?
It's not possible. The colon is the separator for [user]:[password] so it
makes it impossible to use a colon in user names with the -u option (but
passwords can have them since only the first is used as a separator). For
libcurl we have separate individual options that can be used instead to avoid
this, and for the command line client a user can provide the user name (and
password) in the URL instead and in there they can be used URL encoded and it
works fine. The options cannot be passed in inside URLs like that.
Further, I'm afraid that users out there have scripts that send in -u
user:$password which makes them now fail if users would have semicolons in
their passwords. Such passwords worked fine before.
That way it a) solves this issue and b) solves previously discussed issues
with having a colon in user names and c) provides consistency across all
user/password options ;-)
The only truly working way I can think of is to have separate options for all
of them so that we avoid single-letter separators completely. But since the
user+password are at least already working in one way since quite a long time
back, I think we should start with unbreaking that to get back to the state we
were in before...
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
