[1119] in WWW Security List Archive
Re: FTP Security
daemon@ATHENA.MIT.EDU (Howard Melman)
Fri Nov 3 21:18:52 1995
Date: Fri, 3 Nov 1995 18:09:45 -0500
From: Howard Melman <melman@osf.org>
To: John Stewart <jns@cisco.com>
Cc: om@pc.isl.goldstar.co.kr, www-security@ns2.rutgers.edu
In-Reply-To: <199511031546.HAA19754@ace.cisco.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri Nov 3, 1995, John Stewart wrote:
> Netscape doesn't have this restriction. You can specify
>
> http://user@host/directory/file
>
> and it will prompt you for a password in a different style dialogue
> box than the normal authentication box. I was appalled to learn that
> all other browsers don't understand this convention, and if fact _we_
> are going to have to implement something similar since we're changing
> the CIO ftp system for Cisco.
>
> I just wish all browsers did the FTP protocol correctly.
I hope you meant ftp: instead of http: in the above
examples. RFC 1738 says:
3.1. Common Internet Scheme Syntax
While the syntax for the rest of the URL may vary depending on the
particular scheme selected, URL schemes that involve the direct use
of an IP-based protocol to a specified host on the Internet use a
common syntax for the scheme-specific data:
//<user>:<password>@<host>:<port>/<url-path>
Some or all of the parts "<user>:<password>@", ":<password>",
3.3. HTTP
The HTTP URL scheme is used to designate Internet resources
accessible using HTTP (HyperText Transfer Protocol).
The HTTP protocol is specified elsewhere. This specification only
describes the syntax of HTTP URLs.
An HTTP URL takes the form:
http://<host>:<port>/<path>?<searchpart>
where <host> and <port> are as described in Section 3.1. If :<port>
is omitted, the port defaults to 80. No user name or password is
allowed. <path> is an HTTP selector, and <searchpart> is a query
string. The <path> is optional, as is the <searchpart> and its
preceding "?". If neither <path> nor <searchpart> is present, the "/"
may also be omitted.
Within the <path> and <searchpart> components, "/", ";", "?" are
reserved. The "/" character may be used within HTTP to designate a
hierarchical structure.
