lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: patch (was: Re: lynx-dev ftp://user:address@hidden too much unenc


From: Klaus Weide
Subject: Re: patch (was: Re: lynx-dev ftp://user:address@hidden too much unencripted info)
Date: Wed, 17 Nov 1999 11:56:09 -0600 (CST)

On Mon, 15 Nov 1999, Leonid Pauzner wrote:

>  if it has been defined via the '<em>o</em>'ptions menu.  Otherwise,
>  Lynx uses the dummy password <em>WWWUser</em>.
> +(Yet another possibility is sending a password
> +as <em>username:password</em> though it is not recommended
> +since the URL will have it completely unencrypted.)
> +Do not include the <em>@</em> if neither <em>username</em> nor
> +<em>:password</em> is included.

This is making it a bit *too* obscure, IMO...  it doesn't say *where*
to put the username:password.

I would replace the sentence in parentheses with:

(A password can also be embedded in the URL, by replacing
<em>username</em> with <em>username:password</em>.  This is strongly
discouraged for 'real' passwords that must be kept secret, since URLs
with the completely unencrypted <em>password</em> may show up on the
screen, in HISTORY and LIST pages etc., and may even become visible to
remote sites for example through Referer headers.)

    Klaus


reply via email to

[Prev in Thread] Current Thread [Next in Thread]