ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tino Wildenhain <t...@wildenhain.de>
Subject Re: HTTP Authentication with XML-RPC Client / usage?
Date Tue, 31 Jan 2006 13:08:21 GMT
rjoshi@dataarmor.net schrieb:
> Using the way --- http:userid@password --- wont be cross platform I 
> suppose (its classified as a security flaw) All new browsers and XP with 
> SP2 has been patched NOT to allow usage this way.
> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
> 

Actually its http://username:password@host/path/

And its not a security flaw per se if not used in a buggy and brain
dead application like M$-internetexplorer :-)

Useragents are supposed to not send these strings literally over
the net - or in case of a webbbrowser dont construct relative
URLs from it or expose it to Javascript DOM.

XMLRPC does not use sublinks or relative paths so this is no
issue at all.

Kind regards
Tino

Mime
View raw message