Passwords in URL's

Donald McKellar (CCTR145@cantva.canterbury.ac.nz)
Wed, 11 Jan 1995 00:52:33 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stephen D. Williams: "Re: Problem with mail URLs - was Re: Second round..."
Previous message: Rob Raisch: "Problem with mail URLs - was Re: Second round..."

Date: Wed, 11 Jan 1995 00:52:33 +0100

Message-Id: <Pine.3.89.9501111247.E750782804-0100000@csc.canterbury.ac.nz>

From: Donald McKellar <CCTR145@cantva.canterbury.ac.nz>

To: Multiple recipients of list <www-proxy@www0.cern.ch>

Subject: Passwords in URL's

Hello People

When people use a URL of the form:

ftp://username:password@host.name/filename

via a CERN httpd proxy server, the full URL including password is logged.
It is obviously inappropriate for a password to appear in plain text at
any time. Would it not be appropriate for the password part of the URL to
be hidden in the logs?

thanks
Donald

--
Donald McKellar				Phone: internal        6336
Computer Services Centre		       external  +64 3 364-2336
University of Canterbury		       fax       +64 3 364-2332   
New Zealand

Next message: Stephen D. Williams: "Re: Problem with mail URLs - was Re: Second round..."
Previous message: Rob Raisch: "Problem with mail URLs - was Re: Second round..."