Re: MS announces change in IE behavior

From: Parcifal Aertssen (parcifalAQTRONIX.COM)
Date: Wed Jan 28 2004 - 17:45:46 CST


>No doubt some who will cry foul, "Hey, you're breaking the RFC",

Not at all, the RFC specification says that http authentication is not
allowed in a http url, it is allowed in a generic URI but not for HTTP urls,
this is an exception!
RFC 1738 - Page 8

3.3. HTTP

   The HTTP URL scheme is used to designate Internet resources
   accessible using HTTP (HyperText Transfer Protocol).

   The HTTP protocol is specified elsewhere. This specification only
   describes the syntax of HTTP URLs.

   An HTTP URL takes the form:

      http://<host>:<port>/<path>?<searchpart>

   where <host> and <port> are as described in Section 3.1. If :<port>
   is omitted, the port defaults to 80. No user name or password is
   allowed.

So, Microsoft is in fact sticking to the RFC this time, something they
should have done a long time ago. I have been blocking this "http
authentication" in every mail I received on my domain for over a year, but
when I saw the IE url obfuscation issue a few weeks back, I was amazed that
nobody knew this, so I thought I was wrong and that's why I didn't reply.
Microsoft still gets a "D" from me for this big mess!

Regards,
Parcifal Aertssen
AQTRONIX
http://www.aqtronix.com/
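
An added example, not part of the original message: one way a mail filter could flag HTTP URLs that carry a user name or password in the authority, which the RFC 1738 section quoted above does not allow. The function name, regex, and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Candidate http/https URLs in free text (mail body, HTML source).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def find_userinfo_urls(text):
    """Return (url, userinfo, host) for each HTTP URL that carries userinfo.

    RFC 1738 section 3.3 allows only <host>:<port> in the authority of an
    HTTP URL, so any '@' there violates the syntax quoted above.
    """
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed authority, e.g. unbalanced IPv6 brackets
        # The authority ends at the first '/', '?' or '#', so an '@' in the
        # path or query (an e-mail address parameter) is not flagged.
        userinfo, at, _ = parts.netloc.rpartition("@")
        if at:
            # The host the client connects to is what follows the last '@'.
            hits.append((url, userinfo, parts.hostname))
    return hits


# Constructed sample message; names and addresses are documentation values.
SAMPLE_MAIL = """\
Please confirm your account: http://www.bank.example@198.51.100.7/login.htm
Our real site is http://www.bank.example/help?contact=support@bank.example.
Mirror: HTTP://user:secret@files.example:8080/pub/
"""

if __name__ == "__main__":
    for url, userinfo, host in find_userinfo_urls(SAMPLE_MAIL):
        print(f"reject: {url} (userinfo={userinfo!r}, real host={host})")
```

Reporting the host after the last `@` alongside the userinfo shows a reviewer where the link actually leads when the text before the `@` resembles a trusted name.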
