Re: DO NOT REPLY [Bug 28728] - HttpUrl does not accept unescaped passwords

Wed, 08 Sep 2004 05:59:30 -0700 

Hi Odi,

since the class is named HttpURL (or HttpsURL), I don't
think we need to bother about non-HTTP URL schemes :-)

Anyway, I like your version with separate constructors
for escaped and non-escaped authentication data. It
gives maximum flexibility.

cheers,
  Roland





Ortwin Glück <[EMAIL PROTECTED]> 
08.09.2004 14:27
Please respond to
"Commons HttpClient Project"


To
Commons HttpClient Project <[EMAIL PROTECTED]>
cc

Subject
Re: DO NOT REPLY [Bug 28728]  -     HttpUrl does not accept unescaped 
passwords






Thanks again. The problem with that patch is that it assumes that
userinfo is always a username and password. This may be almost always
the case for the HTTP scheme. But actually the userinfo part of a URL
can be *anything*. The actual format of userinfo strongly depends on the
context (i.e. the authentication scheme). RFC-2396 states: "Some URL
schemes use the format "user:password" in the userinfo field."

I suggest we provide

public HttpURL(String user, String password, String host, int port,
              String path, String query, String fragment) throws
URIException

which takes user and password, properly escapes them and joins them
together with a colon as the delimiter and just feeds them into the
generic constructor.

We would then not deprecate
public HttpURL(String userinfo, String host, int port, String path,
               String query, String fragment) throws URIException

but change its contract to require userinfo to be correctly escaped and
limited to the legal set of characters.

O.

[EMAIL PROTECTED] wrote:

> ------- Additional Comments From [EMAIL PROTECTED]  2004-09-08 12:05 
-------
> Created an attachment (id=12670)
> The same patch im unified diff format (forgot the -u, sorry)

-- 
  _________________________________________________________________
  NOSE applied intelligence ag

  ortwin glück                      [www]      http://www.nose.ch
  software engineer
  hardturmstrasse 171               [pgp id]           0x81CF3416
  8005 zürich                       [office]      +41-1-277 57 35
  switzerland                       [fax]         +41-1-277 57 12

---------------------------------------------------------------------
To unsubscribe, e-mail: 
[EMAIL PROTECTED]
For additional commands, e-mail: 
[EMAIL PROTECTED]

Reply via email to