[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev ftp://user:address@hidden too much unencripted info
From: |
Leonid Pauzner |
Subject: |
Re: lynx-dev ftp://user:address@hidden too much unencripted info |
Date: |
Tue, 9 Nov 1999 03:16:38 +0300 (MSK) |
8-Nov-99 17:12 Klaus Weide wrote:
> On Mon, 8 Nov 1999, Leonid Pauzner wrote:
>> or better
>>
>> (2) Change the samples in "URL Schemes Supported in Lynx" so they would
>> appear without //user:passw@ but //user@ with the explanation of yet
>> another possibility added in words... So user will not get a wrong
>> impression if reading that document not so carefully (you know, samples
>> are so easy remembered without details).
> (2) is good.
OK.
The letter just theoretical:
>> (1) exclude password from URL in mainloop (or HTParse stage?) and keep
>> it separately until the remote server responds with "enter a password",
>> than send a password *automatically* on request.
> Good luck trying.
> My "fatalist" prediction is
> - It'll take a long time to find the right place(s) (your "or...?")
> - mainloop is way too late. What about startfile, homepage, helpfile etc.
> referer, bookmarks, redirection statusline messages, LIST pages,...
In general, there are three entry points in mainloop: startfile,
LYK_*GOTO and LYK_ACTIVATE; hmm, redirection is a special case of
activate:) Nethertheless, we have LYEnsureAbsoluteURL() which called
exactly in the right place. Still open problem where to keep the
password... Probably a sort of postdata.
> - You'll *take away* functionality if you do a passwordectomy on URLs,
> unless you always keep the passwords around in separate structures
> parallel to those structures that keep track of URL and combine them
> when that is needed.
> - You'll find that it's not worth the trouble to do it completely, so
> it will remain half-done.
Very very true.
> If I *want to* enter URLs like "ftp://user1:address@hidden/" and
> "ftp://user2:address@hidden/", and juggle between them in the same
> session, I should be able to. And both those URLs should be treated
Sure, they are different.
(But ftp://user1:pass1@ and ftp://user1:pass45@ may be a problem: only
one may be accepted so that should be confirmed on a later stage.)
> as different from "ftp://address@hidden/", because that's what they are.
> I don't want a program trying to babysit me, just because someone thought
> I need to be protected from myself to the degree that I can't go where I
> want to.
lynx-dev Suggestion for merging the libcurses and libslang code, vtailor, 1999/11/08
Re: lynx-dev Suggestion for merging the libcurses and libslang code, Klaus Weide, 1999/11/08