W3C home > Mailing lists > Public > uri@w3.org > March 2004

Re: userinfo allowed in http URI or not?

From: by way of Martin Duerst <maillists@conactive.com>
Date: Tue, 09 Mar 2004 08:29:33 -0500
Message-Id: <4.2.0.58.J.20040309082915.036f2b40@localhost>
To: uri@w3.org




Your mail from Feb 19:

 > I think that's exactly what it means--if the password is "anonymous"
 > or "" then it may be shown.  I don't know the rationale for this
 > recommendation, but the intended meaning seems clear to me.  If it
 > appears ambiguous to some, maybe it should be rephrased to leave no room
 > for doubt:
 >
 >     Applications should not render as clear text any data after the
 >     first colon (":") character found within a userinfo sub-component
 >     unless the data after the colon is the string "anonymous" or the
 >     empty string (indicating no password).
 >

But it's not the password which is "anonymous", it's the username! A
password of "anonymous" is just a password like any other and as valid as
any other, it's not "special". You log in to an ftp server with a user of
"anonymous" or "guest" or so and then the server responds with something
like "anonymous access ok, please type your email address as the password"
if it allows anonymous access. So, the keyword "anonymous" does not belong
in the password but in the user part of userinfo. Maybe just phrase

"unless the data provided is used/intended for anonymous access".

This leaves everything about the specific syntax open, in case there are
schemes/servers which allow anonymous access in a different way. (I don't
know.)

Kai Sch舩zl

--

Get your web at Conactive Internet Services: http://www.conactive.com
Received on Wednesday, 10 March 2004 15:10:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 January 2011 12:15:32 GMT