Hello,

In my oppinion username and(or) passwords in the url are really useless to
implement. Think about Internet Explorer which inhibed this also. Also, how
can you specify proxy credentials in the url?

regards

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Maurizio Lotauro
Sent: Wednesday, April 27, 2005 7:11 PM
To: ICS support mailing
Subject: [twsocket] Overwriting of HttpCli properties

Hello,

while I'm working on the fix for the authentication I would like to remove
one 
think that I don't like. The component will overwrite the Username and 
Password properties when an user and a password is specified in the url.

The problem is that when the user set another url without user and password 
then the properties mantains the values specified in the previous url. This 
will mean that it is possible that these values could be sent to the wrong 
server, and if a basic authentication is used, it could be a security issue.

I would like to change this behaviour in the following way. The user will be

get from url if present, otherwise from the Username property. The same for 
the password. The properties will be not changed anymore.

Before doing this I want to hear the opinion of all developers that are in 
this mailing list, in particular if there are good reasons to do not apply 
these changes.

The same logic will apply to Connection and ProxyConnection, but it's 
overwriting appeared very recently, so I don't think that it will break any 
existing code. More probably is true the opposite.


Bye, Maurizio.

----------------------------------------------------
This mail has been sent using Alpikom webmail system
http://www.alpikom.it


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be



-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to