Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Remove Support For http(s) auth URLs

Posted by timothy on Wednesday January 28, 2004 @03:53AM from the was-sonst dept.

damohasi writes "According to Microsoft Knowledge Base, MS "plans to release a software update that removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer". Whether this will break rfc 1738 or not, it might get webspace provider in trouble who offer @-domains like the German 1und1."

1 of 79 comments (clear)

Min score:

Reason:

Sort:

Re:Of Course... by drnlm · 2004-01-28 04:16 · Score: 5, Informative

To quote the RFC:
An HTTP URL takes the form:
http://<host>:<port>/<path>? <searchpart>
where <host> and <port> are as described in Section 3.1. If :<port> is omitted, the port defaults to 80. No user name or password is allowed.
The allowing of username, password in http urls is a convention, but is certainly not the standard. If Microsoft does this, they'll actually be able to claim that IE is more standards-compliant than other browsers that allow the syntax.
Whether allowing this syntax is a good or bad idea is a completely different debate (and slashdot is arguably the wrong forum to discuss it :) ).