[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MS to stop allowing passwords in URLs

To: "McAllister, Andrew" <McAllisterA@umsystem.edu>
Subject: Re: MS to stop allowing passwords in URLs
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Date: Tue, 3 Feb 2004 20:26:30 +0300

Dear McAllister, Andrew,


--Thursday, January 29, 2004, 1:54:00 AM, you wrote to 
bugtraq@securityfocus.com:



MA> Anyone have any comments regarding legitimate uses of this syntax and
MA> Microsoft removing it from their browser? (and presumably the OS since
MA> the browser IS the OS).

ftp://user:pass@site

is  _only_  way  to  authenticate  FTP through HTTP proxy (if not given,
proxy always use anonymous).

-- 
~/ZARAZA
Всегда будем рады послушать ваше чириканье (Твен)

References:
- MS to stop allowing passwords in URLs
  - From: "McAllister, Andrew" <McAllisterA@umsystem.edu>

Prev by Date: Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
Next by Date: Sandblad #12: Inject javascript url in history list (revisited)
Previous by thread: RE: MS to stop allowing passwords in URLs
Next by thread: Re: MS to stop allowing passwords in URLs
Index(es):
- Date
- Thread