W3C home > Mailing lists > Public > uri@w3.org > February 2004

Re: userinfo allowed in http URI or not?

From: Adam M. Costello BOGUS address, see signature <BOGUS@BOGUS.nicemice.net>
Date: Thu, 19 Feb 2004 00:02:05 +0000
To: uri@w3.org
Message-ID: <20040219000205.GD24395~@nicemice.net>

Kai Schaetzl <maillists@conactive.com> wrote:

> > Applications should not render as clear text any data after the
> > first colon (":") character found within a userinfo sub-component
> > unless such data is the empty string (indicating no password) or
> > "anonymous".
>
> I know what you mean but it seems to imply that the password could be
> "anonymous" and then be shown.

I think that's exactly what it means--if the password is "anonymous"
or "" then it may be shown.  I don't know the rationale for this
recommendation, but the intended meaning seems clear to me.  If it
appears ambiguous to some, maybe it should be rephrased to leave no room
for doubt:

    Applications should not render as clear text any data after the
    first colon (":") character found within a userinfo sub-component
    unless the data after the colon is the string "anonymous" or the
    empty string (indicating no password).

AMC
http://www.nicemice.net/amc/
Received on Wednesday, 18 February 2004 19:02:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:25:07 UTC