Re: MS to stop allowing passwords in URLs

To: "McAllister, Andrew" <McAllisterA@xxxxxxxxxxxx>
Subject: Re: MS to stop allowing passwords in URLs
From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
Date: Tue, 3 Feb 2004 20:26:30 +0300
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <657713855E75BA41B16662DF0F1B6BDF28229D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <657713855E75BA41B16662DF0F1B6BDF28229D@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>

Dear McAllister, Andrew,


--Thursday, January 29, 2004, 1:54:00 AM, you wrote to 
bugtraq@xxxxxxxxxxxxxxxxx:



MA> Anyone have any comments regarding legitimate uses of this syntax and
MA> Microsoft removing it from their browser? (and presumably the OS since
MA> the browser IS the OS).

ftp://user:pass@site

is  _only_  way  to  authenticate  FTP through HTTP proxy (if not given,
proxy always use anonymous).

-- 
~/ZARAZA
Всегда будем рады послушать ваше чириканье (Твен)

References:
- MS to stop allowing passwords in URLs
  - From: McAllister, Andrew

Prev by Date: Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
Next by Date: Sandblad #12: Inject javascript url in history list (revisited)
Previous by thread: Re: MS to stop allowing passwords in URLs
Next by thread: Re: MS to stop allowing passwords in URLs
Index(es):
- Date
- Thread