> On Apr 19, 2015, at 1:14 AM, Jens Alfke <[email protected]> wrote: > >> On Apr 18, 2015, at 7:36 PM, Daryle Walker <[email protected] >> <mailto:[email protected]>> wrote: >> >> I don’t really get what these protection spaces are, and my tool’s model >> should have the username & password be applicable to any URL submitted, and >> therefore any potential protection space. > > A stored credential is associated with a specific URL or domain or whatever — > a protection space — to keep its sensitive data from being leaked to > unrelated sites. > >> Will I get into problems if I keep the callback as above? > > It should be fine, although it seems suspect to have a username/password and > blindly try to send them to every HTTP server you encounter. Generally you > don’t want to send a password to another party except when you’re fairly sure > it’s the party that owns the account.
The most likely scenario would be using these options while submitting a single URL, but I don’t feel like ending the program with an error if there are multiple URLs while using the username & password options. (If the list of URLs are from the same site, they actually could use the same credential!) Also, looking at NSURLProtectionSpace, creating a custom space is non-trivial; so it’s nice that it’s not needed here. I just discovered that HTTP resources will use the credential object and ignore in-URL user-names and passwords, FTP resources are the other way! Maybe I’ll mutate submitted URLs to add the username and password if they don’t already have one. — Daryle Walker Mac, Internet, and Video Game Junkie darylew AT mac DOT com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to [email protected]
