"vlopper" said in
Hello,
I read somwhere that the new IE update stopped the ability to use the
userID
assword url format. Is there any way to work around this
"fix"? Can and how do I remove the update? Thank in advance. Vlop.
The "fix" was to make IE *more* compliant with RFC 1738
(
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1738.html). See the
discussion in alt.spam at:
or
http://snipurl.com/4efk
The [[username[@password]:] portion of the URL is *NOT* a valid HTTP URL.
These fields are not part of the HTTP format for a URL. Part of the problem
was that users mistook the generic URL format described in section 3.1 to
represent what all IP protocols should use and that is not how the RFC is
worded. The later section on each protocol (HTTP, FTP, and especially for
mailto and news) override what is described for the generic URL (just like
addendums in a legal contract override prior terms and conditions).
Regardless of how it might've been misused, the HTTP protocol does not allow
the inclusion of username and password in its domain portion of the URL.
The RFC could be cleaned up to be more clear. Even when you use the BNF
syntax section to figure out what is a valid URL for HTTP, you can be also
misled because later sections override prior sections.
If you have a need for your users to post their username and password in the
clear as plain text that any sniffer can discover, then use a URL like:
http://host.domain.com/[optionalprog]?user=<username>&pass=<password>
where user and pass are the name of the objects (vars) in which you read the
values passed as parameters in the URL.
