while I'm working on the fix for the authentication I would like to remove one 
think that I don't like. The component will overwrite the Username and 
Password properties when an user and a password is specified in the url.

The problem is that when the user set another url without user and password 
then the properties mantains the values specified in the previous url. This 
will mean that it is possible that these values could be sent to the wrong 
server, and if a basic authentication is used, it could be a security issue.

I would like to change this behaviour in the following way. The user will be 
get from url if present, otherwise from the Username property. The same for 
the password. The properties will be not changed anymore.

Before doing this I want to hear the opinion of all developers that are in 
this mailing list, in particular if there are good reasons to do not apply 
these changes.

The same logic will apply to Connection and ProxyConnection, but it's 
overwriting appeared very recently, so I don't think that it will break any 
existing code. More probably is true the opposite.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system

To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to