[Melbourne-pm] Perl web application framework recommendations

Joshua Goodall joshua at roughtrade.net
Wed Aug 18 00:23:37 CDT 2004


On Wed, Aug 18, 2004 at 03:04:40PM +1000, Scott Penrose wrote:
> Safari, IE and Konqueror all support user@ type URL, which is great 
> when you just want to change your user, you just add user@ in front of 
> your URL.
> 
> Unfortunately it appears that the Mozilla team have seen this to be 
> a compromise of security (not sure why). Maybe it is a Mozilla bug.

This is a security bug and was dropped by IE in February.

http://www.kb.cert.org/vuls/id/652278
http://support.microsoft.com/?id=834489
http://xforce.iss.net/xforce/xfdb/13935

In IE, you now get an invalid syntax error. 

Mozilla allows it, but pops up a dialog with the message "You are
about to login to this website, but the website does not require
authentication. The website may be trying to trick you." if it
doesn't get a challenge, or if you were already authenticated under
another username.

Joshua.



-- 
Joshua Goodall                           "as modern as tomorrow afternoon"
joshua at roughtrade.net                                       - FW109
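
Added example, not part of the original message: a JavaScript sketch of the two browser behaviours described above for URLs carrying a user@ prefix (reject as invalid syntax, or allow with a warning). The function names, policy labels, context fields, the http/https scoping and the sample URL are assumptions made for illustration.

```javascript
// Added example; names and policy labels are hypothetical, not any browser's API.

// Decode a percent-encoded username without throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Split a URL into the userinfo that was typed and the host actually contacted.
function splitUserinfo(rawUrl) {
  const u = new URL(rawUrl); // WHATWG URL parser, global in Node.js and browsers
  return {
    scheme: u.protocol.replace(/:$/, ""),
    user: safeDecode(u.username),
    hasUserinfo: u.username !== "" || u.password !== "",
    host: u.host,
  };
}

// policy "reject": user@ in an http(s) URL is an invalid-syntax error
//                  (the IE behaviour the message describes).
// policy "warn":   the URL is allowed, but a warning is raised when the site sent
//                  no authentication challenge, or when the session is already
//                  authenticated under another username (the Mozilla behaviour).
// ctx.challenged:  true if the server answered with an authentication challenge.
// ctx.currentUser: username the session is already authenticated as, if any.
function evaluate(rawUrl, policy, ctx = {}) {
  const p = splitUserinfo(rawUrl);
  // Assumption: only http and https URLs are in scope for either policy.
  if (!p.hasUserinfo || !/^https?$/.test(p.scheme)) {
    return { action: "allow", ...p };
  }
  if (policy === "reject") {
    return { action: "reject", reason: "invalid syntax", ...p };
  }
  if (!ctx.challenged) {
    return { action: "warn", reason: "site does not require authentication", ...p };
  }
  if (ctx.currentUser && ctx.currentUser !== p.user) {
    return { action: "warn", reason: "already authenticated as another user", ...p };
  }
  return { action: "allow", ...p };
}

// Constructed sample URL for illustration.
const SAMPLE = "http://alice@intranet.example/app";
```
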