Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2004/05/28 20:10:36 UTC

Re: FTP proxy broken for non-anonymous ftp in IE

At 10:10 AM 5/28/2004, John Wojtowicz wrote:
>[...] the patch in question didn't account for the case where an ftp request
>might be of the form ftp://user@ftp.site.org
>
>It also seems to hardcode the ftp site's port to 21, which is probably
>acceptable for most people, and doesn't pull the port from the URI.
>
>I have a patch fix that adds parsing for the username and the port
>number from the request.  This patch has been tested with Mozilla and
>works fine, but I.E. doesn't work for some reason.  Did authenticated
>FTP proxying ever work with mod_proxy and Internet Explorer?

Microsoft, in its all seeing all knowing benevolence, broke from RFC2616
and no longer allows proto:user@password mechanics in IE (at least,
in HTTP.)  This was done for the users of the world assaulted daily by
http://ebay.example.com@reallynastyhackers.example.net/ URLs.
Although many of us think this is a *presentation* problem, they decided
that it is a vulnerability and crippled the feature.

Your patch sounds great, and it quite possibly did work in the past,
but we don't expect to see this work from IE anymore, at least, not
when it uses http proxy.

Bill
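
The username and port parsing discussed in this thread, together with a check for userinfo that reads like a site name, as an added example that is not part of the original message or of mod_proxy. The names `split_authority`, `DEFAULT_PORTS` and `HOSTLIKE`, the host-like heuristic, and the third sample URL are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote
import re

# Scheme defaults, used only when the URI carries no explicit port.
DEFAULT_PORTS = {"ftp": 21, "http": 80, "https": 443}

# Heuristic (an assumption of this example): userinfo shaped like a DNS name.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def split_authority(url):
    """Split scheme://[user[:password]@]host[:port]/... into its parts."""
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("no host in %r" % url)
    # urlsplit treats the rightmost '@' as the userinfo delimiter, so the
    # host is whatever follows it; .port raises ValueError on a bad port.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    user = unquote(parts.username) if parts.username is not None else None
    password = unquote(parts.password) if parts.password is not None else None
    return {
        "scheme": parts.scheme,
        "user": user,
        "password": password,
        "host": parts.hostname,
        "port": port,
        # True when the part before '@' could be mistaken for the site name.
        "hostlike_userinfo": bool(user and HOSTLIKE.match(user)),
    }


# The first two URLs appear in the thread; the third is constructed.
SAMPLES = [
    "ftp://user@ftp.site.org",
    "http://ebay.example.com@reallynastyhackers.example.net/",
    "ftp://user:secret@ftp.site.org:2121/pub/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", split_authority(url))
```

A proxy or log filter can use the `hostlike_userinfo` flag to display or alert on the real `host` value instead of the text before the `@`.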