991108 Leonid Pauzner & Klaus Weide discussed:
LP> When I start with ftp://user:[EMAIL PROTECTED]
LP> ^^^^^^
LP> I see that prefix with username and password unencripted
LP> for all URLs shown from lynx: in Advanced mode statusline
LP> while navigating across directories; in History/VisitedLinks/Info
KW> Using a password in a URL is so hopelessly bad
KW> I wouldn't bother trying to hide it.
KW> Don't give the impression you can make it more invisible
KW> unless you really can make it disappear from *all* places that matter.
KW> If you only strip it out in some obvious places,
KW> you are just misleading the user to *think* it is hidden.
IOW "Traffic conditions & speeding on this road are so bad
you shouldn't put a pedestrian crossing there
because people might get hurt using it:
they should just stay on their own side of the road".
pessimistic fatalism? fatal pessimism?
LP> (1) exclude password from URL in mainloop (or HTParse stage?)
LP> and keep it separately until the remote server responds
LP> with "enter a password", than send a password automatically on request.
LP> (2) Change the samples in "URL Schemes Supported in Lynx"
LP> so they would appear without //user:passw@ but //user@
LP> with the explanation of yet another possibility added in words.
sounds good here: thanx for pointing this out; hope you send a patch.
--
========================,,============================================
SUPPORT ___________//___, Philip Webb : [EMAIL PROTECTED]
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto
