[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev ftp://user:address@hidden too much unencripted info

From: Philip Webb
Subject: Re: lynx-dev ftp://user:address@hidden too much unencripted info
Date: Mon, 8 Nov 1999 17:06:53 -0500 (EST)

991108 Leonid Pauzner & Klaus Weide discussed:
LP> When I start with ftp://user:address@hidden
LP>                             ^^^^^^
LP> I see that prefix with username and password unencripted
LP> for all URLs shown from lynx: in Advanced mode statusline
LP> while navigating across directories; in History/VisitedLinks/Info
KW> Using a password in a URL is so hopelessly bad
KW> I wouldn't bother trying to hide it.
KW> Don't give the impression you can make it more invisible
KW> unless you really can make it disappear from *all* places that matter.
KW> If you only strip it out in some obvious places,
KW> you are just misleading the user to *think* it is hidden.

IOW "Traffic conditions & speeding on this road are so bad
you shouldn't put a pedestrian crossing there
because people might get hurt using it:
they should just stay on their own side of the road".
pessimistic fatalism?  fatal pessimism?

LP> (1) exclude password from URL in mainloop (or HTParse stage?)
LP> and keep it separately until the remote server responds
LP> with "enter a password", than send a password automatically on request.
LP> (2) Change the samples in "URL Schemes Supported in Lynx"
LP> so they would appear without //user:passw@  but  //user@
LP> with the explanation of yet another possibility added in words.
sounds good here: thanx for pointing this out; hope you send a patch.

SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto

reply via email to

[Prev in Thread] Current Thread [Next in Thread]