Mathias Bauer wrote:
Hi Stephan,
Stephan Bergmann wrote:
Jan Holesovsky wrote:
Hi Mathias,
On Wednesday 02 of April 2008, Mathias Bauer wrote:
Hi, I'm new to Calc, and fascinated by its power, but while using "Link
to External Data" to get realtime stock quote, the website asks me to log
in first, would you mind telling me how to type username/password when
importing external data? Thanks. - psist -
I assume that "external data" shall mean "http". In ftp you could use
the "user:[EMAIL PROTECTED]" syntax, not sure if this is possible for http.
Unfortunately not until the CWS webdavandgvfslocking1 which changes
tools/source/fsys/urlobj.cxx to support the user and password for http as
well.
HTTP URLs never allowed for a user:password part (see RFCs 1738, 2616),
and probably for good reason: 'Some URL schemes use the format
"user:password" in the userinfo field. This practice is NOT RECOMMENDED,
because the passing of authentication information in clear text (such as
URI) has proven to be a security risk in almost every case where it has
been used.' [http://www.rfc-editor.org/rfc/rfc2396.txt]
Anyway, if you do change behavior of protocols or add new protocols at
tools/source/fsys/urlobj.cxx, please remember to update the grammar
documentation at the top of the file.
Should we take your mail as a suggestion not to add this feature to the UCB?
kendy, <http://www.openoffice.org/issues/show_bug.cgi?id=29152#desc57>:
'As to the username & password, it is convenient in the WebDAV case to
be able to provide the possibility, and the code in the WebDAV UCP had
code for that (though a bit broken). I agree that it is not good user
behavior, but OTOH the users want it
(https://bugzilla.novell.com/show_bug.cgi?id=363363), and other
applications (in KDE and Gnome) support this as well, so... But if you
insist it should not be there, I can make it ooo-build only [though I'd
rather up-stream it].'
sb, <http://www.openoffice.org/issues/show_bug.cgi?id=29152#desc60>:
'Nah, having it only downstream in ooo-build is probably not what
anybody wants. I do not *insist*, so if you *do* insist---go ahead.'
In this case the Calc team should get a bug report to make sure that
external data always is loaded with providing an interaction handler, so
that a password dialog can be shown when needed.
I still think that using user:pwd (esp. pwd) is a bad idea, so even if
we do allow that aberration, I would not recommend making use of it.
That would imply, yes, that any use case should be solvable without
resorting to storing passwords in URLs.
-Stephan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
