
Re: [Full-Disclosure] Interesting side effect of the new IE patch



rhetorical question <ypwhich@io.com> wrote:

> I *may* be wrong.  But I do believe the  "http://username:password@... " bit 
> has been around for some time.  ...

In the KB article describing this change Microsoft says it introduced 
handling of "userinfo" in HTTP[S] URLs in IE 3.0.  That was what -- 
1996 or 1997?  Whatever, I think we'd agree that in computing or 
Internet terms that is a fair while ago...

> ...  I remember finding that out a long time ago, 
> which was convenient in regards to browsing FTP sites which require a login/
> password.  Was using Netscape Navigator Gold, mid 90s.
> 
> I still have some of my old browsers, will install a few and test it out.

As has been discussed (at length) in this and obviously related 
threads, the change in IE specifically affects HTTP and HTTPS URLs.  
IE's handling of FTP URLs is irrelevant as the "userinfo" syntax is 
allowed for such URLs and is not claimed to have been altered.  
Microsoft has simply, very belatedly, pulled this aspect of IE's 
behaviour into line with the standards that define what an HTTP[S] 
protocol handler should do.  


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
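
The scheme distinction drawn in the message above (userinfo not honoured in HTTP[S] URLs, still permitted in FTP URLs), written as a link-checking function. This is an added example, not part of the original post and not Microsoft's code; `classifyUrl`, the verdict strings and the sample URLs are constructed for illustration.

```javascript
// Added illustration: flag "userinfo" (user[:password]@) in HTTP[S] URLs while
// still permitting it in FTP URLs. All names and sample URLs are constructed.
const NO_USERINFO_SCHEMES = new Set(["http:", "https:"]);

function classifyUrl(raw) {
  const text = String(raw).trim();
  let parsed;
  try {
    parsed = new URL(text); // WHATWG URL parser, a global in Node.js and browsers
  } catch (err) {
    return { verdict: "invalid", scheme: null, host: null, hasUserinfo: false };
  }
  // Look at the raw authority component (between "//" and the next "/", "?" or "#")
  // so that an empty userinfo such as "http://@host/" is still noticed; the
  // parser would silently normalise it away.
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(text);
  const hasUserinfo = m !== null && m[1].includes("@");
  const verdict =
    hasUserinfo && NO_USERINFO_SCHEMES.has(parsed.protocol) ? "reject" : "allow";
  // host is the part after the "@": the server a request would actually go to.
  return { verdict, scheme: parsed.protocol, host: parsed.hostname, hasUserinfo };
}

// Constructed sample input.
const samples = [
  "http://alice:secret@www.example.com/index.html", // userinfo in HTTP
  "https://alice@www.example.com/",                 // user only, no password
  "http://@www.example.com/",                       // empty userinfo
  "ftp://anonymous:guest@ftp.example.com/pub/",     // userinfo in FTP
  "https://www.example.com/search?q=a@b",           // "@" outside the authority
  "not a url",
];

for (const s of samples) {
  const r = classifyUrl(s);
  console.log(`${r.verdict.padEnd(7)} host=${r.host} userinfo=${r.hasUserinfo}  ${s}`);
}
```
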