Re: How to set Http Request Header?
From: Mark Marcus (mark_at_agentnews.sales.xhome.us)
Date: 09/27/04
Date: Mon, 27 Sep 2004 00:20:45 -0700
On Tue, 21 Sep 2004 08:57:46 +0100, "Chris Uppal"
<chris.uppal@metagnostic.REMOVE-THIS.org> wrote:
>Mark Marcus wrote:
>
>> Microsoft IE no longer accepts user:pw@.... formats anymore (as a
>> default). A user has to use REGEDIT to allow this format. It's yet
>> another example of how Microsoft doesn't know how to fix code, so they
>> break standards.
>
>While I'm no more impressed than anyone by MS's dismal record of security holes
>badly patched with security hacks, you are being overly harsh here. MS's
>standards-breaking error was that they accepted the user:pw@ notation in the
>first place, not that they later removed it.
>
>If you check RFC2616, section 3.2.2 you'll find that it does /not/ allow the @
>notation in an HTTP URL, specifically it gives the grammar as:
>
> http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
>
>It references RFC2396 (which does mention the @ syntax, but that's a much more
>general document than RFC2616) for the meaning of 'host', 'port' etc. If it
>were intended to allow the @ syntax, then it would use different terms from
>RFC2396; and might read:
>
> http_URL = "http:" "//" server [ abs_path [ "?" query ]]
>
>where (from 2396):
>
> server = [ [ userinfo "@" ] hostport ]
> hostport = host [ ":" port ]
>
Yes, it does reference 2396, it didn't obsolete it. 2396 _is_ the
standard for the URI. Section 3 of 2396 states that the syntax for a
URI is:

 3. <scheme>://<authority><path>?<query>
 3.2 authority = server | reg_name
 3.2.2 server = [ [ userinfo "@" ] hostport ]

It is true that the RFC recommends against the use of the userinfo
data for the reasons you cite, but that doesn't justify the decision
not to support it. If the RFC intended it never to be supported, an
update would have been issued that would have removed it from the
syntax.

This last is the likely reason that non-IE browsers (still) support
the feature, while Microsoft does not. Microsoft admits that the
reason they stopped supporting the feature was because of a security
hole in IE. Rather than fix the security hole, they chose to not
support the feature. See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;834489

Mark Marcus
Protect Your Email Address and Make Money too!
http://www.xhome.org My Sales Code is 22819
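
Added example, not part of the original message or thread: a small Python check that applies the two grammars quoted above (the RFC 2616 `http_URL` rule and the RFC 2396 `server` rule) to a URL, reports which one it fits, and separates any userinfo from the host a client would actually contact. The function names, the simplified host pattern and the sample URLs in the test are assumptions made for illustration.

```python
import re

# RFC 2396 section 3.2.2, as quoted in the thread:
#   server   = [ [ userinfo "@" ] hostport ]
#   hostport = host [ ":" port ]
# Simplifications (assumptions): host is a run of letters, digits, "." and "-";
# userinfo is any text without "@", "/", "?" or "#".
_SERVER = re.compile(
    r"(?:(?P<userinfo>[^@/?#]*)@)?"
    r"(?P<host>[A-Za-z0-9.-]+)"
    r"(?::(?P<port>[0-9]*))?"
)


def split_http_url(url):
    """Split an http URL into userinfo, host, port and the remainder.

    Returns None when the string is not an http URL whose authority
    fits the RFC 2396 'server' rule. The path and query are not validated.
    """
    if url[:7].lower() != "http://":
        return None
    authority, rest = re.fullmatch(r"([^/?#]*)(.*)", url[7:], re.DOTALL).groups()
    m = _SERVER.fullmatch(authority)
    if m is None:
        return None
    return {"userinfo": m.group("userinfo"), "host": m.group("host"),
            "port": m.group("port"), "rest": rest}


def classify(url):
    """Say which of the two quoted grammars the URL's authority fits."""
    parts = split_http_url(url)
    if parts is None:
        return "neither"
    if parts["userinfo"] is None:
        return "rfc2616 http_URL"      # host [ ":" port ] only
    return "rfc2396 server only"       # needs [ userinfo "@" ]


def strip_userinfo(url):
    """Return (url_without_userinfo, userinfo) so that the credentials
    can be handled separately and kept out of logs and displayed URLs."""
    parts = split_http_url(url)
    if parts is None:
        raise ValueError("not an http URL with an RFC 2396 server authority")
    port = "" if parts["port"] is None else ":" + parts["port"]
    return "http://" + parts["host"] + port + parts["rest"], parts["userinfo"]
```
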