W3C home > Mailing lists > Public > uri@w3.org > February 2004

userinfo allowed in http URI or not?

From: Kai Schaetzl <maillists@conactive.com>
Date: Sun, 01 Feb 2004 23:31:56 -0500
Message-Id: <>
To: uri@w3.org

It looks from
that this list is open to non-subscribers, so I try and send this message.

As you may know Microsoft is going to remove the userinfo from http URLs
for Internet Explroer, so that URIs like:


won't work anymore.

While discussing that I and some others looked up what RFCs have to say
about it and the result is quite confusing.


1738 says "not allowed":
3.3. HTTP:
No user name or password is allowed

http://www.iana.org/assignments/uri-schemes says 2616 is relevant for http
URIs and not 1738 anymore
2616 refers to 2396 for http URIs

2396 says it merges/updates/revises/replaces 1738/1808 in respect to
scheme-specific URIs. It doesn't list userinfo for http. So, is 1738 still
relevant here?

doesn't list userinfo in the BNF syntax, but it's mentioned as an example.

It's also deemed "not recommended" in general in most of the documents and
looking thru some of the documents and discussions you can find under the
various links at
it seems like everyone thinks it's valid.

Well, is it a valid http URI or not? Why is there so much confusion in the
documents? Could you please add a definitive statement on userinfo in
2396bis and either add it explicitely to the BNF syntax or clearly state
it's invalid?

Thanks for any explanations :-)



Kai Sch舩zl, Berlin, Germany
Received on Sunday, 1 February 2004 23:32:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:07 UTC