[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev ftp://user:address@hidden too much unencripted info

From: Leonid Pauzner
Subject: Re: lynx-dev ftp://user:address@hidden too much unencripted info
Date: Tue, 9 Nov 1999 03:16:38 +0300 (MSK)

8-Nov-99 17:12 Klaus Weide wrote:
> On Mon, 8 Nov 1999, Leonid Pauzner wrote:

>> or better
>> (2) Change the samples in "URL Schemes Supported in Lynx" so they would
>> appear without //user:passw@  but  //user@ with the explanation of yet
>> another possibility added in words... So user will not get a wrong
>> impression if reading that document not so carefully (you know, samples
>> are so easy remembered without details).

> (2) is good.

The letter just theoretical:
>> (1) exclude password from URL in mainloop (or HTParse stage?) and keep
>> it separately until the remote server responds with "enter a password",
>> than send a password *automatically* on request.

> Good luck trying.
> My "fatalist" prediction is
>  - It'll take a long time to find the right place(s) (your "or...?")
>  - mainloop is way too late.  What about startfile, homepage, helpfile etc.
>    referer, bookmarks, redirection statusline messages, LIST pages,...
In general, there are three entry points in mainloop: startfile,
LYK_*GOTO and LYK_ACTIVATE; hmm, redirection is a special case of
activate:)  Nethertheless, we have LYEnsureAbsoluteURL() which called
exactly in the right place. Still open problem where to keep the
password... Probably a sort of postdata.

>  - You'll *take away* functionality if you do a passwordectomy on URLs,
>    unless you always keep the passwords around in separate structures
>    parallel to those structures that keep track of URL and combine them
>    when that is needed.
>  - You'll find that it's not worth the trouble to do it completely, so
>    it will remain half-done.
Very very true.

> If I *want to* enter URLs like "ftp://user1:address@hidden/"; and
> "ftp://user2:address@hidden/";, and juggle between them in the same
> session, I should be able to.  And both those URLs should be treated

Sure, they are different.
(But ftp://user1:pass1@ and ftp://user1:pass45@ may be a problem: only
one may be accepted so that should be confirmed on a later stage.)

> as different from "ftp://address@hidden/";, because that's what they are.
> I don't want a program trying to babysit me, just because someone thought
> I need to be protected from myself to the degree that I can't go where I
> want to.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]