- From: Mike Meyer <mwm@contessa.phone.net>
- Date: Wed, 4 Oct 95 11:00:55 PST
- To: www-html@w3.org
> Well Jon, the original question -- at least, _my_ original Usenet question -- > related to the use of a hyperlink of the form > ftp://user:password@ftp.some.site.uk > which is permitted, but REALLY STUPID unless the code can be concealed. > Isn't it? No, it isn't. That username/password can be used to access an object that you presumably want everyone who can access the web page containing that URL to be able to get to. Since they can get the object from that web page, there shouldn't be any harm in them having the username/password pair. Now, if that username/password pair is used to protect something in addition to the object the URL points at, then something stupid is going on. It's that someone is trying to use a single username/password pair to protect two different things at (presumably) different levels of security. The latter thing should be fixed. BTW, even if you could encrypt the HTML in some way, you've still got to prevent the browser from displaying the URL of the document it fetches, as that will contain the username/password pair as well. <mike
Received on Wednesday, 4 October 1995 14:07:05 UTC