8 Oct
2007
8 Oct
'07
10 a.m.
Ceriel Jacobs wrote:
Hi Andre,
now that the URL specs are in the repository, I have a question about it: why are there separate methods for "username" and "password"? rfc2396 mostly talks about a "userinfo" token, with the user:password possibility made scheme-specific. In fact, the rfc2396 text warns against having passwords in there, because of the security risk. So, I would prefer set_userinfo/get_userinfo methods instead of the get_[username|password]/set_[username|password].
Oops, I was looking at an obsolete RFC, but rfc3986 basically sais the same. Ceriel