- From: David Morris <dwm@xpasc.com>
- Date: Thu, 5 Feb 2004 15:56:27 -0800 (PST)
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 5 Feb 2004 wizard@newsreports.org wrote: > > It is the *silent* bypassing of this dialog > through the *interpretation* of username@password > that is causing it to be a difficulty in the > case at hand. Popping up a dialog box is much > less draconian than ignoring username@password > altogether. > Actually, the MS fix isn't for the silent bypass per se, it is for the fact that MSIE hides the content of the URL after the %01 character. In my mind, that makes it an invalid URL which should be rejected. Your suggestion for popping a dialog seems like a good optional security enhancement. Add a checkbox to not show the dialog again for the same server.... Dave Morris
Received on Thursday, 5 February 2004 19:01:02 UTC