Bugtraq mailing list archives
RE: MS to stop allowing passwords in URLs
From: Joe Weisenberger <jjfw () one net>
Date: Tue, 3 Feb 2004 13:00:29 -0500 (EST)
On Tue, 3 Feb 2004, Fergus Brooks wrote: snipped ...
Also I have found that often to get to an FTP server on the Internet (depending on the proxy, connection, firewall etc) that you need to use this format. Taking this functionality away will certainly make it harder for a lot of support people and consultants to do their jobs.
snipped ... I just applied this patch (KB832894 MS-04-004) to IE 6.0 on W2K to check handling of ftp url's. After the patch, ftp://username:password@site still works. I think the change only applies to http, https.
Current thread:
- MS to stop allowing passwords in URLs McAllister, Andrew (Feb 02)
- RE: MS to stop allowing passwords in URLs Fergus Brooks (Feb 03)
- RE: MS to stop allowing passwords in URLs Joe Weisenberger (Feb 03)
- Re: MS to stop allowing passwords in URLs N407ER (Feb 03)
- Re: MS to stop allowing passwords in URLs Dave Warren (Feb 03)
- Re: MS to stop allowing passwords in URLs David B Harris (Feb 03)
- Re: MS to stop allowing passwords in URLs Östlund (Feb 04)
- Re: MS to stop allowing passwords in URLs Nick FitzGerald (Feb 06)
- Message not available
- Re: MS to stop allowing passwords in URLs Vinny Abello (Feb 03)
- RE: MS to stop allowing passwords in URLs Fergus Brooks (Feb 03)
- Re: MS to stop allowing passwords in URLs Ansgar -59cobalt- Wiechers (Feb 03)
- RE: MS to stop allowing passwords in URLs Andrew Harwood (Feb 03)
- Re: MS to stop allowing passwords in URLs 3APA3A (Feb 03)
- Re: MS to stop allowing passwords in URLs Dave McCormick (Feb 03)