On Mon, 8 Nov 1999, Leonid Pauzner wrote:
> I happen to visit non-anonymous ftp account with lynx.
> When I start with ftp://user:[EMAIL PROTECTED]
> ^^^^^^
> I see that prefix with username and password unencripted
> for all URLs shown from lynx: in Advanced mode statusline
> while navigating across directories; in History/VisitedLinks/Info
> pages... Although it is documented in "URL Schemes Supported in Lynx"
> it would be nice to strip password from that kind of visual output
> for privacy conserns.
> ...
>
> It is unwise to include the :password field except for URLs which
> point to anonymous or other public access accounts, and for most
> TCP-IP software you will be prompted for a password whether or not one
> was included in the URL.
Using a password in a URL is so hopelessly bad that I wouldn't bother
trying to hide it. Don't give the impression that you can make it more
invisible unless you really can make it disappear from *all* places
that matter. If you only strip it out in some obvious places, you
are just misleading the user to *think* it is hidden.
Klaus
