cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: curl bug: ftp passwd with semicolon

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 12 Dec 2013 23:39:00 +0100 (CET)

On Tue, 10 Dec 2013, Steve Holme wrote:

>> or make the separator something that is less likely to be used in a
>> password. Like for example having it the spelled out ";options=" or
>> something.
>
> I'm not a fan of the latter as that would require the user to perform the
> following in order to specify the authentication type in the email
> protocols:
>
> user:password;options=auth=NTLM

I agree that it isn't perfect, but then I also cannot think of a really good
way to solve this. Perhaps we should just not solve it and move it into a
separate option entirely.

> I can't remember which user and password options allow URL encoded colons at
> present, and I know this is something that we talked about before, but could
> we consider adding support for URL encoding these separator characters in
> the CURLOPT_USERPWD?

It's not possible. The colon is the separator for [user]:[password] so it
makes it impossible to use a colon in user names with the -u option (but
passwords can have them since only the first is used as a separator). For
libcurl we have separate individual options that can be used instead to avoid
this, and for the command line client a user can provide the user name (and
password) in the URL instead and in there they can be used URL encoded and it
works fine. The options cannot be passed in inside URLs like that.

Further, I'm afraid that users out there have scripts that send in -u
user:$password which makes them now fail if users would have semicolons in
their passwords. Such passwords worked fine before.

> That way it a) solves this issue and b) solves previously discussed issues
> with having a colon in user names and c) provides consistency across all
> user/password options ;-)

The only truly working way I can think of is to have separate options for all
of them so that we avoid single-letter separators completely. But since the
user+password are at least already working in one way since quite a long time
back, I think we should start with unbreaking that to get back to the state we
were in before...

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2013-12-12

This message: [ Message body ]
Next message: Steve Holme: "RE: curl bug: ftp passwd with semicolon"
Previous message: Yehezkel Horowitz: "RE: Issue - necessary data rewind wasn't possible"
In reply to: Steve Holme: "RE: curl bug: ftp passwd with semicolon"
Next in thread: Steve Holme: "RE: curl bug: ftp passwd with semicolon"
Reply: Steve Holme: "RE: curl bug: ftp passwd with semicolon"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]