[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: HTTP Authentication by Username Embedded in URL

From: Julian Reschke <julian.reschke_at_gmx.de>
Date: Wed, 11 Feb 2009 10:48:42 +0100

Ben Collins-Sussman wrote:
> I can give a simple answer: it's not a valid HTTP URL. Some web
> browsers allow it, but it violates the HTTP specification:
>
> 3.2.2 http URL
> The "http" scheme is used to locate network resources via the HTTP
> protocol. This section defines the scheme-specific syntax and
> semantics for http URLs.
> http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
>
> So it's not something svn has bothered to add as an 'extra feature'.
> Are you sure your users are being forced to type 'guest/guest'? It
> may happen during the first checkout, but the password should be
> cached on further updates.
> ...

Note that HTTPbis (Editor's Draft) says
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-latest.html#rfc.section.2.1.1>):

   http-URI = "http:" "//" authority path-abempty [ "?" query ]

...thus userinfo @ host will be allowed (at least on the syntactical level).

BR, Julian

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1138289
Received on 2009-02-11 10:49:10 CET

This is an archived mail posted to the Subversion Dev mailing list.