(keitai-l) Re: defining feature

From: Eric Hildum <Eric_Hildum_at_itochu.net>
Date: 10/18/00
Message-ID: <B6133677.1EE7%Eric_Hildum@itochu.net> 
If I remember correctly, the URL specification explicitly bans what you are
trying to do because of the security issues. The username:password form only
works with ftp and some other protocols, not http. You need to check the RFC
dealing with URLs and URIs to see what you can and cannot do.

Eric Hildum


> From: Renfield Kuroda <Renfield.Kuroda@msdw.com>
> Organization: Morgan Stanley Dean Witter & Co.
> Reply-To: keitai-l@appelsiini.net
> Date: Wed, 18 Oct 2000 19:06:44 +0900
> To: keitai-l@appelsiini.net
> Subject: (keitai-l) Re: defining feature
> 
> First of all, you're trying to send a cleartext password, which is a bit
> silly. And why does it have to go before the domain name of the site?
> Why not go to the domain and deal with it there.
> For even a modicum of security, binhex it or rot13 it or something and pass
> it in like:
> 
> https://website.com/[name][passwd]/somepage.html
> 
> or something...?
> 
> r e n
> 
> 
> Nick May wrote:
> 
>> keitai-l@appelsiini.net writes:
>>> Not i-mode in itself, but most definitely *the* defining feature
>>> for making money with i-mode, which is of course exactly what
>>> businesses are interested in.
>> 
>> Sure - but not all businesses have a business model that involves billing
>> the browser... (though it is certainly an attractive model for a lot of
>> applications) - or even making money directly from the website at all (it
>> may support other parts of the company's business)
>> 
>> What I find irritating is that I get a DNS error when I try and run a url
>> like:
>> 
>> http://name:password@www.website.com/login/
>> 
>> through the imode proxy. (it works fine from a net browser)
>> 
>> so - no encoding name/passwords in URLS at all? is there a syntax that
>> would work?
>> 
>> Nick
> 
> --
> ascii: r e n f i e l d
> octal: \162 \145 \156 \146 \151 \145 \154 \144
> hex: \x72 \x65 \x6e \x66 \x69 \x65 \x6c  \x64
> morgan stanley dean witter japan
> e-business technologies | engineering and strategy
> 
> 
> 
> -- Binary/unsupported file stripped by Listar --
> -- Type: application/x-pkcs7-signature
> -- File: smime.p7s
> -- Desc: S/MIME Cryptographic Signature
> 
> 
> 
>
Received on Wed Oct 18 21:07:41 2000