ws-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rjo...@dataarmor.net
Subject Re: HTTP Authentication with XML-RPC Client / usage?
Date Tue, 31 Jan 2006 13:14:25 GMT
thanks! yeah its userid:passwd@host , i was just replying.

so basically what u mean is .... an xmlrpc server (say php) running over 
the braindead MS IIS ;) behind http auth, should run just fine with this 
method? ... hmm... i'l check this myself too. thanks a lot!


Tino Wildenhain wrote:
> rjoshi@dataarmor.net schrieb:
>> Using the way --- http:userid@password --- wont be cross platform I 
>> suppose (its classified as a security flaw) All new browsers and XP 
>> with SP2 has been patched NOT to allow usage this way.
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>>
>
> Actually its http://username:password@host/path/
>
> And its not a security flaw per se if not used in a buggy and brain
> dead application like M$-internetexplorer :-)
>
> Useragents are supposed to not send these strings literally over
> the net - or in case of a webbbrowser dont construct relative
> URLs from it or expose it to Javascript DOM.
>
> XMLRPC does not use sublinks or relative paths so this is no
> issue at all.
>
> Kind regards
> Tino
>

-- 
Thanks,

Rahul Joshi
Data Armor


Mime
View raw message