XP is just a number | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I realize this thread is over two years old, but it caught my attention because I have been looking into deobfuscation of evil URLs, and I believe this is not a good idea, particularly in a HTTP URL.
This field (called "userinfo") is defined in the general URI format in RFC 2396, but it is not used in the HTTP URL fomat described in RFC 2616. Nonetheless, most browsers will transmit this field unchanged, and most web servers will ignore it, but supply it to a CGI program as part of the "environment" data. Its chief application is intentionally obscuring the identity of the URL. It is used mainly by fraudsters and spammers for that purpose. In addition, here is a quote from RFC 2396: "It is clearly unwise to use a URL that contains a password which is intended to be secret. In particular, the use of a password within the 'userinfo' component of a URL is strongly disrecommended except in those rare cases where the 'password' parameter is intended to be public." In reply to Re: Re (tilly) 1: Put name and password in URLs
by vacant
|
|