Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

\Nette\Http\Url ignore user and password for http and https links #63

Closed
integer opened this issue Jun 10, 2015 · 6 comments

Comments

@integer
Copy link
Contributor

commented Jun 10, 2015

What is the reason for this line of code https://github.com/nette/http/blob/master/src/Http/Url.php#L363 ? What is the main difference between http and https and other schemas?

Expected behavior: generate link with user and password for every schema if user and password are set.

@JanTvrdik

This comment has been minimized.

Copy link
Contributor

commented Jun 10, 2015

My guess is that passing username+password in URL is considered insecure.

@integer

This comment has been minimized.

Copy link
Contributor Author

commented Jun 10, 2015

Ok, but why it is OK for ftp, but insecure for http?

@dg

This comment has been minimized.

Copy link
Member

commented Jun 10, 2015

@artyuum

This comment has been minimized.

Copy link

commented Aug 8, 2018

@dg sure, let's talk in a forum where the language is not even english, this will certainly help the others who have the same issue...

@milo

This comment has been minimized.

Copy link
Member

commented Aug 9, 2018

@artyuum Why do you suppose, that "the others" are incompetent idiods? It is not nice from you. I would suppose, that the others can always write: "Hi, I tried to Google-translate the forum post, but still don't undestand. Could someone white here result in english please?"

And someone can write: "Sure. There is written, that the HTTP and HTTPS used to behave in the same way as other protocols. But showed up, that it was not secure. And because we didn't find a use case, we dropped user and password from these protocols. What is your use case?"

@artyuum

This comment has been minimized.

Copy link

commented Aug 10, 2018

@milo My bad, I just found out that the forum offers two languages :

  • Česky
  • English

I didn't see it earlier.
Anyway, I've never called anyone who has the same issue : incompetent "idiods". I wasn't trying to be rude to anyone, I was just a little mad because for an opensource project you shouldn't redirect anyone who asks a question in English, to a forum where the language is not even English, that was before I realize that the forum has an "English section'.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.