Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

\Nette\Http\Url ignore user and password for http and https links #63

Closed
integer opened this issue Jun 10, 2015 · 6 comments
Closed

\Nette\Http\Url ignore user and password for http and https links #63

integer opened this issue Jun 10, 2015 · 6 comments

Comments

@integer
Copy link
Contributor

@integer integer commented Jun 10, 2015

What is the reason for this line of code https://github.com/nette/http/blob/master/src/Http/Url.php#L363 ? What is the main difference between http and https and other schemas?

Expected behavior: generate link with user and password for every schema if user and password are set.

@JanTvrdik
Copy link
Contributor

@JanTvrdik JanTvrdik commented Jun 10, 2015

My guess is that passing username+password in URL is considered insecure.

Loading

@integer
Copy link
Contributor Author

@integer integer commented Jun 10, 2015

Ok, but why it is OK for ftp, but insecure for http?

Loading

@dg
Copy link
Member

@dg dg commented Jun 10, 2015

Loading

@artyuum
Copy link

@artyuum artyuum commented Aug 8, 2018

@dg sure, let's talk in a forum where the language is not even english, this will certainly help the others who have the same issue...

Loading

@milo
Copy link
Member

@milo milo commented Aug 9, 2018

@artyuum Why do you suppose, that "the others" are incompetent idiods? It is not nice from you. I would suppose, that the others can always write: "Hi, I tried to Google-translate the forum post, but still don't undestand. Could someone white here result in english please?"

And someone can write: "Sure. There is written, that the HTTP and HTTPS used to behave in the same way as other protocols. But showed up, that it was not secure. And because we didn't find a use case, we dropped user and password from these protocols. What is your use case?"

Loading

@artyuum
Copy link

@artyuum artyuum commented Aug 10, 2018

@milo My bad, I just found out that the forum offers two languages :

  • Česky
  • English

I didn't see it earlier.
Anyway, I've never called anyone who has the same issue : incompetent "idiods". I wasn't trying to be rude to anyone, I was just a little mad because for an opensource project you shouldn't redirect anyone who asks a question in English, to a forum where the language is not even English, that was before I realize that the forum has an "English section'.

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants