You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by co...@apache.org on 2000/05/03 22:13:21 UTC
Re: mod_log-any/5747: Does not log userid/pass if brought in on URL line
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
Synopsis: Does not log userid/pass if brought in on URL line
State-Changed-From-To: open-closed
State-Changed-By: coar
State-Changed-When: Wed May 3 13:13:21 PDT 2000
State-Changed-Why:
According to RFC 1738, section 3.3, usernames and passwords
are NOT ALLOWED in http-schemed URLs. So even if some
browsers and servers support this, it is technically
illegal and Apache is perfectly correct in ignoring
the auth information passed thusly.