cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] Colon in username

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Mon, 29 Sep 2008 16:25:46 -0700

On Mon, Sep 29, 2008 at 07:59:00AM +0200, Daniel Stenberg wrote:
> I guess I wasn't clear: my point was to make sure the new *API* we
> introduce implies as few restrictions as possible on the user name and
> passwords. By assuming that the strings are URL encoded, many applications
> can even get away without encoding them at all (unless they use '%' or
> zeroes in the strings).

I'm worried that too many applications will assume that they can
"get away without encoding them at all" and therefore not encode them. Then
everyone with a % in his password will suffer. Is a NUL byte in a password
actually allowed in any kind of reasonable system today?

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved

Received on 2008-09-30

This message: [ Message body ]
Next message: Carlos Alloatti: "Re: CURL_WRITEFUNC_ABORT for CURLOPT_WRITEFUNCTION"
Previous message: Daniel Stenberg: "Re: [Patch] Disable proxy support"
In reply to: Daniel Stenberg: "RE: [PATCH] Colon in username"
Next in thread: Wei Weng: "Re: [PATCH] Colon in username"
Reply: Wei Weng: "Re: [PATCH] Colon in username"
Reply: Daniel Stenberg: "Re: [PATCH] Colon in username"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]