lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Possible Y2K issue with Lynx


From: Klaus Weide
Subject: Re: lynx-dev Possible Y2K issue with Lynx
Date: Wed, 5 Jan 2000 15:24:04 -0600 (CST)

On Wed, 5 Jan 2000, Jon Anderson wrote:

> Part of my operation here involves the use of LYNX to get and print
> invoices from a webserver which generates printable pages via PHP and
> apache.
> 
> I used to have a line of code in a shell script which looked like 
> this:
> 
> lynx -source
> 'http://adminuser:address@hidden/showinvoice?id=123'

This has NEVER been "supported" by Lynx, and if it worked, that would
be by some kind of accident.

> This accessed a password protected page embedding the password in the
> URL
> as you would do with a standard webbrowser.

There is nothing standard about using username and password components
in HTTP URLs.  Lynx supports it for FTP URLs (and, in some minimal way,
for telnet and similar URLs), but not for anything else.

The non-support by Lynx seems to take the form of effectively ignoring
(skipping) the additional parts (before and including '@') when
looking for an address to actually make a connection, but otherwise
preserving the content when the "host" part is passed around in textual
form - i.e., when talking to a proxy or when constructing a Host: header.

Of course you know that the use of passwords in URLs is heavily
recommended against, right?  After all they are generally treated as
public information, not worth special protection from other parts of
the system etc.

> This worked for months and fed the output to a html-postscript converter
> and to our printer. Hundreds of invoices have been printed.

Either your myinternal.webserver didn't really require authentication
all this time when you thought it did...  or you are going through a
proxy which does interprete the non-standard URL additions in the form
in which lynx preserved them... or your myinternal.webserver was
looking at the Host: header and reacting to its non-standard contents
in a non-standard way.  Or, of course, "showinvoice" itself (as a
script or whatever) did something else special.  Or PHP does something
you are not aware of with this non-standard data, and so on.

> Since Jan 1st 2000 this now exits with the message "cannot access start
> file" and displays a message indicating that authorisation is required.

I see no logical connection to the date at all.
Maybe someone did a lst minute fix to the server or the showinvoice script...

> If I change the command line to include a -auth= parameter then
> everything works

That's the way it should work.

> fine, but the URL syntax no longer seems to work.

As far as lynx was aware, it never did.  It never interpreted a ...@
in a HTTP URL's host part in a way that would invoke the standard
HTTP authentication mechanism.

If I'm wrong I hope someone will correct me, but I doubt it very much.


> Please reply via email directly as well to the list as I am not directly
> subscribed.

Please check the archive at <http://www.flora.org/lynx-dev/html/>
for responses you'd otherwise miss.

   Klaus



reply via email to

[Prev in Thread] Current Thread [Next in Thread]