cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] Colon in username

From: Wei Weng <wweng_at_acedsl.com>
Date: Mon, 29 Sep 2008 20:02:18 -0400

Dan Fandrich wrote:
> On Mon, Sep 29, 2008 at 07:59:00AM +0200, Daniel Stenberg wrote:
>> I guess I wasn't clear: my point was to make sure the new *API* we
>> introduce implies as few restrictions as possible on the user name and
>> passwords. By assuming that the strings are URL encoded, many applications
>> can even get away without encoding them at all (unless they use '%' or
>> zeroes in the strings).
>
> I'm worried that too many applications will assume that they can
> "get away without encoding them at all" and therefore not encode them. Then
> everyone with a % in his password will suffer. Is a NUL byte in a password
> actually allowed in any kind of reasonable system today?
>
>>>> Dan

 What about having a new CURLOPT_ENC_USERNAME?

Thanks
Wei
Received on 2008-09-30