lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev ftp://user:address@hidden too much unencripted info


From: Klaus Weide
Subject: Re: lynx-dev ftp://user:address@hidden too much unencripted info
Date: Mon, 8 Nov 1999 10:24:47 -0600 (CST)

On Mon, 8 Nov 1999, Leonid Pauzner wrote:

> I happen to visit non-anonymous ftp account with lynx.
> When I start with ftp://user:address@hidden
>                             ^^^^^^
> I see that prefix with username and password unencripted
> for all URLs shown from lynx: in Advanced mode statusline
> while navigating across directories; in History/VisitedLinks/Info
> pages... Although it is documented in "URL Schemes Supported in Lynx"
> it would be nice to strip password from that kind of visual output
> for privacy conserns.
> ...
> 
>    It is unwise to include the :password field except for URLs which
>    point to anonymous or other public access accounts, and for most
>    TCP-IP software you will be prompted for a password whether or not one
>    was included in the URL.

Using a password in a URL is so hopelessly bad that I wouldn't bother
trying to hide it.  Don't give the impression that you can make it more
invisible unless you really can make it disappear from *all* places
that matter.  If you only strip it out in some obvious places, you
are just misleading the user to *think* it is hidden.

   Klaus


reply via email to

[Prev in Thread] Current Thread [Next in Thread]