You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by co...@apache.org on 2000/05/03 22:13:21 UTC

Re: mod_log-any/5747: Does not log userid/pass if brought in on URL line

[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or      ]
["Re: general/1098:").  If the subject doesn't match this       ]
[pattern, your message will be misfiled and ignored.  The       ]
["apbugs" address is not added to the Cc line of messages from  ]
[the database automatically because of the potential for mail   ]
[loops.  If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request from a  ]
[developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]


Synopsis: Does not log userid/pass if brought in on URL line

State-Changed-From-To: open-closed
State-Changed-By: coar
State-Changed-When: Wed May  3 13:13:21 PDT 2000
State-Changed-Why:
According to RFC 1738, section 3.3, usernames and passwords
are NOT ALLOWED in http-schemed URLs.  So even if some
browsers and servers support this, it is technically
illegal and Apache is perfectly correct in ignoring
the auth information passed thusly.