[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev ftp://user:address@hidden too much unencripted info
From: |
Philip Webb |
Subject: |
Re: lynx-dev ftp://user:address@hidden too much unencripted info |
Date: |
Mon, 8 Nov 1999 17:06:53 -0500 (EST) |
991108 Leonid Pauzner & Klaus Weide discussed:
LP> When I start with ftp://user:address@hidden
LP> ^^^^^^
LP> I see that prefix with username and password unencripted
LP> for all URLs shown from lynx: in Advanced mode statusline
LP> while navigating across directories; in History/VisitedLinks/Info
KW> Using a password in a URL is so hopelessly bad
KW> I wouldn't bother trying to hide it.
KW> Don't give the impression you can make it more invisible
KW> unless you really can make it disappear from *all* places that matter.
KW> If you only strip it out in some obvious places,
KW> you are just misleading the user to *think* it is hidden.
IOW "Traffic conditions & speeding on this road are so bad
you shouldn't put a pedestrian crossing there
because people might get hurt using it:
they should just stay on their own side of the road".
pessimistic fatalism? fatal pessimism?
LP> (1) exclude password from URL in mainloop (or HTParse stage?)
LP> and keep it separately until the remote server responds
LP> with "enter a password", than send a password automatically on request.
LP> (2) Change the samples in "URL Schemes Supported in Lynx"
LP> so they would appear without //user:passw@ but //user@
LP> with the explanation of yet another possibility added in words.
sounds good here: thanx for pointing this out; hope you send a patch.
--
========================,,============================================
SUPPORT ___________//___, Philip Webb : address@hidden
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto
- lynx-dev ftp://user:address@hidden too much unencripted info, Leonid Pauzner, 1999/11/08
- Re: lynx-dev ftp://user:address@hidden too much unencripted info, Klaus Weide, 1999/11/08
- Re: lynx-dev ftp://user:address@hidden too much unencripted info, Klaus Weide, 1999/11/08
- Re: lynx-dev ftp://user:address@hidden too much unencripted info, Leonid Pauzner, 1999/11/08
- patch (was: Re: lynx-dev ftp://user:address@hidden too much unencripted info), Leonid Pauzner, 1999/11/15
- Re: patch (was: Re: lynx-dev ftp://user:address@hidden too much unencripted info), Klaus Weide, 1999/11/17
lynx-dev Suggestion for merging the libcurses and libslang code, vtailor, 1999/11/08
Re: lynx-dev Suggestion for merging the libcurses and libslang code, Klaus Weide, 1999/11/08