[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: patch (was: Re: lynx-dev ftp://user:address@hidden too much unenc
From: |
Klaus Weide |
Subject: |
Re: patch (was: Re: lynx-dev ftp://user:address@hidden too much unencripted info) |
Date: |
Wed, 17 Nov 1999 11:56:09 -0600 (CST) |
On Mon, 15 Nov 1999, Leonid Pauzner wrote:
> if it has been defined via the '<em>o</em>'ptions menu. Otherwise,
> Lynx uses the dummy password <em>WWWUser</em>.
> +(Yet another possibility is sending a password
> +as <em>username:password</em> though it is not recommended
> +since the URL will have it completely unencrypted.)
> +Do not include the <em>@</em> if neither <em>username</em> nor
> +<em>:password</em> is included.
This is making it a bit *too* obscure, IMO... it doesn't say *where*
to put the username:password.
I would replace the sentence in parentheses with:
(A password can also be embedded in the URL, by replacing
<em>username</em> with <em>username:password</em>. This is strongly
discouraged for 'real' passwords that must be kept secret, since URLs
with the completely unencrypted <em>password</em> may show up on the
screen, in HISTORY and LIST pages etc., and may even become visible to
remote sites for example through Referer headers.)
Klaus
lynx-dev Suggestion for merging the libcurses and libslang code, vtailor, 1999/11/08
Re: lynx-dev Suggestion for merging the libcurses and libslang code, Klaus Weide, 1999/11/08