Re: HTTP Authentication by Username Embedded in URL

From: Julian Reschke <julian.reschke_at_gmx.de>
Date: Wed, 11 Feb 2009 10:48:42 +0100

Ben Collins-Sussman wrote:
> I can give a simple answer: it's not a valid HTTP URL. Some web
> browsers allow it, but it violates the HTTP specification:
>
> 3.2.2 http URL
> The "http" scheme is used to locate network resources via the HTTP
> protocol. This section defines the scheme-specific syntax and
> semantics for http URLs.
> http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
>
> So it's not something svn has bothered to add as an 'extra feature'.
> Are you sure your users are being forced to type 'guest/guest'? It
> may happen during the first checkout, but the password should be
> cached on further updates.
> ...

Note that HTTPbis (Editor's Draft) says
(<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p1-messaging-latest.html#rfc.section.2.1.1>):

http-URI = "http:" "//" authority path-abempty [ "?" query ]

...thus userinfo @ host will be allowed (at least on the syntactical level).

BR, Julian

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1138289
Received on 2009-02-11 10:49:10 CET

This message: [ Message body ]
Next message: Anne van Rossum: "RE: Re: HTTP Authentication by Username Embedded in URL"
Previous message: Magnus ...: "RE: [PATCH] Redesign of functional specification for obliterate"
In reply to: Ben Collins-Sussman: "Re: HTTP Authentication by Username Embedded in URL"
Next in thread: blackhole_at_collab.net: "RE: Re: HTTP Authentication by Username Embedded in URL"
Reply: blackhole_at_collab.net: "RE: Re: HTTP Authentication by Username Embedded in URL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]