Hi Ortwin,
the quote was not meant as an estimation.
Just a hint why that part of the URI spec
might be less well known as others.
BTW, the section also defines the valid characters:
userinfo = *( unreserved | escaped |
";" | ":" | "&" | "=" | "+" | "$" | "," )
cheers,
Roland
Ortwin Gl�ck <[EMAIL PROTECTED]>
28.04.2004 08:23
Please respond to "Commons HttpClient Project"
To: Commons HttpClient Project
<[EMAIL PROTECTED]>
cc:
Subject: Re: Bug in HTTPUrl?
Roland Weber wrote:
> Hi Oleg,
>
> see RFC 2396, URI: Generic Syntax, section 3.2.2:
>
> <userinfo>@<host>:<port>
>
> Some URL schemes use the format "user:password" in the userinfo
> field. This practice is NOT RECOMMENDED, because the passing of
> authentication information in clear text (such as URI) has proven to
> be a security risk in almost every case where it has been used.
>
>
> cheers,
> Roland
Roland,
of course it is out of question that this poses security problems. But
this fact does not make the URI classes less buggy.
---------------------------------------------------------------------
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
