curl-library
Re: [PATCH] Colon in username
From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Mon, 29 Sep 2008 16:25:46 -0700
Date: Mon, 29 Sep 2008 16:25:46 -0700
On Mon, Sep 29, 2008 at 07:59:00AM +0200, Daniel Stenberg wrote:
> I guess I wasn't clear: my point was to make sure the new *API* we
> introduce implies as few restrictions as possible on the user name and
> passwords. By assuming that the strings are URL encoded, many applications
> can even get away without encoding them at all (unless they use '%' or
> zeroes in the strings).
I'm worried that too many applications will assume that they can
"get away without encoding them at all" and therefore not encode them. Then
everyone with a % in his password will suffer. Is a NUL byte in a password
actually allowed in any kind of reasonable system today?
>>> Dan
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2008-09-30