thanks! yeah its userid:passwd@host , i was just replying.
so basically what u mean is .... an xmlrpc server (say php) running over
the braindead MS IIS ;) behind http auth, should run just fine with this
method? ... hmm... i'l check this myself too. thanks a lot!
Tino Wildenhain wrote:
> rjoshi@dataarmor.net schrieb:
>> Using the way --- http:userid@password --- wont be cross platform I
>> suppose (its classified as a security flaw) All new browsers and XP
>> with SP2 has been patched NOT to allow usage this way.
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>>
>
> Actually its http://username:password@host/path/
>
> And its not a security flaw per se if not used in a buggy and brain
> dead application like M$-internetexplorer :-)
>
> Useragents are supposed to not send these strings literally over
> the net - or in case of a webbbrowser dont construct relative
> URLs from it or expose it to Javascript DOM.
>
> XMLRPC does not use sublinks or relative paths so this is no
> issue at all.
>
> Kind regards
> Tino
>
--
Thanks,
Rahul Joshi
Data Armor
|