user:passw@ftp.... too much unencripted info)

Klaus Weide Wed, 17 Nov 1999 10:17:05 -0800

On Mon, 15 Nov 1999, Leonid Pauzner wrote:

>  if it has been defined via the '<em>o</em>'ptions menu.  Otherwise,
>  Lynx uses the dummy password <em>WWWUser</em>.
> +(Yet another possibility is sending a password
> +as <em>username:password</em> though it is not recommended
> +since the URL will have it completely unencrypted.)
> +Do not include the <em>@</em> if neither <em>username</em> nor
> +<em>:password</em> is included.

This is making it a bit *too* obscure, IMO...  it doesn't say *where*
to put the username:password.

I would replace the sentence in parentheses with:

(A password can also be embedded in the URL, by replacing
<em>username</em> with <em>username:password</em>.  This is strongly
discouraged for 'real' passwords that must be kept secret, since URLs
with the completely unencrypted <em>password</em> may show up on the
screen, in HISTORY and LIST pages etc., and may even become visible to
remote sites for example through Referer headers.)

    Klaus

Re: patch (was: Re: lynx-dev ftp://user:passw@ftp.... too much unencripted info)

Reply via email to