On Sat, July 10, 2004 7:00 pm, Nick FitzGerald said: > You need look no further back than the > kerfuffle a couple of months ago over the removal of IE's patently > incorrect support for "user:pwd@" userid data in http URIs for an > example, but there are many other, earlier examples.
I'm a little confused by what you mean here. The "user:pwd@" prefix is a part of the URI standard documented in the RFC. As far as I can tell, the patently incorrect part is that they removed it and thus made the browser (even more) lacking in standards support. It's a simple example of how MS solves problems: 1. Fix the feature that is vulnerable 2. Disable the feature that is vulnerable Lately, they just disable the feature. At this rate, pretty soon, Windows won't do much. -Eric -- arctic bears - affordable email and name services @yourdomain.com http://www.arcticbears.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html