[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev ftp://user:address@hidden too much unencripted info

From: Leonid Pauzner
Subject: lynx-dev ftp://user:address@hidden too much unencripted info
Date: Mon, 8 Nov 1999 18:47:44 +0300 (MSK)

I happen to visit non-anonymous ftp account with lynx.
When I start with ftp://user:address@hidden
I see that prefix with username and password unencripted
for all URLs shown from lynx: in Advanced mode statusline
while navigating across directories; in History/VisitedLinks/Info
pages... Although it is documented in "URL Schemes Supported in Lynx"
it would be nice to strip password from that kind of visual output
for privacy conserns.


The ftp URL:

   The ftp URL has the general format:
      ftp://username:address@hidden:port/path;type=[D,I, or A]

   The default port is :21 and the default username is anonymous. If
   username is included but not :password, Lynx will prompt you for the
   password. This is recommended, as otherwise the URL will have it
   completely unencrypted. Do not include the @ if neither username nor

----> From the other hand, if I have *not* added any trailing slash
----> after the host name - it will be added automatically by lynx...
----> It is a pity that lynx ftp output differs in that respect whether I
----> use Squid for ftp_proxy or set no_proxy...

   For Unix and Unix-emulation ftp servers, RFC1738 is not respected and
   the lead slash is treated as the root, i.e., the /path is handled
   equivalently to that in file URLs. The distinction is irrelevant for
   anonymous ftp, but matters when using ftp for non-anonymous accounts.
   If you are using ftp with a Unix server and do wish to get a listing
   of the login directory or have the path string treated as a file or
   path under the login directory, include a tilde (~) as for file URLs,

The telnet, tn3270, and rlogin URLs:

   A telnet URL generally results in Lynx spawning a telnet session. Lynx
   implements the complete telnet URL scheme, i.e.:

   It is unwise to include the :password field except for URLs which
   point to anonymous or other public access accounts, and for most
   TCP-IP software you will be prompted for a password whether or not one
   was included in the URL.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]