> It is the *silent* bypassing of this dialog
> through the *interpretation* of username@password
> that is causing it to be a difficulty in the
> case at hand. Popping up a dialog box is much
> less draconian than ignoring username@password
> altogether.

Actually, the MS fix isn't for the silent bypass per se; it
is for the fact that MSIE hides the content of the URL after the %01.

In my mind, that makes it an invalid URL which should be rejected. Your
suggestion for popping a dialog seems like a good optional security
enhancement. Add a checkbox to not show the dialog again for the same
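
Added example (not part of the original message, and not Microsoft's fix): a pre-navigation check that applies both positions from this thread, rejecting a URL whose authority carries a control character such as %01 and asking for confirmation when userinfo is present. The function name, verdict names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes

# Hypothetical verdict names used only by this example.
REJECT, PROMPT, ALLOW = "reject", "prompt", "allow"


def _has_control(values) -> bool:
    """True if any C0 control code (0x00-0x1F) or DEL (0x7F) is present."""
    return any(v < 0x20 or v == 0x7F for v in values)


def classify_url(url: str) -> tuple[str, str]:
    """Return (verdict, detail) for a link before it is followed."""
    # A literal control character never belongs in a URL.
    if _has_control(map(ord, url)):
        return REJECT, "raw control character in URL"
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError as exc:
        return REJECT, f"unparseable URL: {exc}"
    # Decode the authority (userinfo@host:port) and look for control
    # bytes that were percent-encoded, e.g. %01.
    if _has_control(unquote_to_bytes(parts.netloc)):
        return REJECT, "encoded control character in authority"
    # The real host is whatever follows the last '@' in the authority.
    _userinfo, at, _hostport = parts.netloc.rpartition("@")
    if at:
        # Caller shows a confirmation dialog naming the real host.
        return PROMPT, host
    return ALLOW, host


if __name__ == "__main__":
    # Constructed sample links, not taken from the thread.
    samples = [
        "http://trusted.example%01@other.example/login",
        "http://user:secret@files.example/pub",
        "https://www.example.org/a?mail=a@b",
    ]
    for link in samples:
        print(classify_url(link), link)
```

An `@` in the query string does not trigger the prompt, because only the authority component is inspected.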

