cURL / Mailing Lists / curl-library / Single Mail


RE: CURL SMTP - Bypass Authentication

From: Daniel Stenberg <>
Date: Wed, 26 Mar 2014 23:42:49 +0100 (CET)

On Wed, 26 Mar 2014, Steve Holme wrote:

> Does anyone have any views to whether supplying a username and password to a
> server that doesn't support authentication is a valid use case and should
> work as if no username/password had been supplied?

Could it be used by a malicious server to trick the client into giving away
its credentials in a way it wouldn't otherwise do it?

List admin:
Received on 2014-03-26