[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev ftp://user:address@hidden too much unencripted info
From: |
Klaus Weide |
Subject: |
Re: lynx-dev ftp://user:address@hidden too much unencripted info |
Date: |
Mon, 8 Nov 1999 10:24:47 -0600 (CST) |
On Mon, 8 Nov 1999, Leonid Pauzner wrote:
> I happen to visit non-anonymous ftp account with lynx.
> When I start with ftp://user:address@hidden
> ^^^^^^
> I see that prefix with username and password unencripted
> for all URLs shown from lynx: in Advanced mode statusline
> while navigating across directories; in History/VisitedLinks/Info
> pages... Although it is documented in "URL Schemes Supported in Lynx"
> it would be nice to strip password from that kind of visual output
> for privacy conserns.
> ...
>
> It is unwise to include the :password field except for URLs which
> point to anonymous or other public access accounts, and for most
> TCP-IP software you will be prompted for a password whether or not one
> was included in the URL.
Using a password in a URL is so hopelessly bad that I wouldn't bother
trying to hide it. Don't give the impression that you can make it more
invisible unless you really can make it disappear from *all* places
that matter. If you only strip it out in some obvious places, you
are just misleading the user to *think* it is hidden.
Klaus
lynx-dev Suggestion for merging the libcurses and libslang code, vtailor, 1999/11/08