- From: lilley <lilley@afs.mcc.ac.uk>
- Date: Wed, 4 Oct 1995 16:59:50 +0100 (BST)
- To: sirrah@cg57.esnet.com (Stuart Harris)
- Cc: www-html@w3.org
Stu Harris says: > Well Jon, the original question -- at least, _my_ original Usenet question -- > related to the use of a hyperlink of the form > ftp://user:password@ftp.some.site.uk > which is permitted, but REALLY STUPID unless the code can be concealed. Not at all. There is such a link at the bottom of my personal page (see sig for URL). However, it is perfectly secure because the password part must be supplied by anyone attempting to traverse the link. (Even more secure in my case, as we use Kerberos authentication). Also, in the case of public access accounts for kiosks, etc it might be perfectly acceptable to disclose both the username and password. Also, HTML might be generated on the fly, or used within a secure environment. For example, filling in a form and supplying credit card details might generate on the fly some html with instructions on using some demonstration software, plus a link of the form you have described giving a guest account and the password du jour to try it out. -- Chris Lilley, Technical Author +-------------------------------------------------------------------+ | Manchester and North HPC Training & Education Centre | +-------------------------------------------------------------------+ | Computer Graphics Unit, Email: Chris.Lilley@mcc.ac.uk | | Manchester Computing Centre, Voice: +44 161 275 6045 | | Oxford Road, Manchester, UK. Fax: +44 161 275 6040 | | M13 9PL BioMOO: ChrisL | | URI: http://info.mcc.ac.uk/CGU/staff/lilley/lilley.html | +-------------------------------------------------------------------+
Received on Wednesday, 4 October 1995 12:01:00 UTC