TMA wrote:
> How can I enable that feature that will let assembly the login info into the
> URL address?
>
> For example: http://user
ass@www.website.com
Despite the stupidity regarding the security hazard of sending or saving
URLs in which login credentials are exposed in plain text form, the
above is NOT a legitimate URL for the HTTP scheme. It does not permit
the inclusion of parameters before the hostname.
RFC 1738
http://www.ietf.org/rfc/rfc1738.txt
Section 3.3, HTTP
Later RFCs obsolete this one but they do not alter the syntax for the
URL scheme. The latter RFCs (that obsolete 1738) don't actually define
the HTTP URL scheme. They rely on separate RFCs for definition of
syntax. For HTTP, that would be
http://tools.ietf.org/html/rfc2616.
There section 3.2.2 shows the syntax for the URI scheme of HTTP -- and
parameter BEFORE the host are NOT permitted which would include username
and password.
The problem with some web browser coders is that they thought the
generic URL scheme mentioned in section 3.1 of RFC 1738 applied to all
URL schemes. That was just an example. Each section describing a
particular URL scheme actually defines the valid syntax for that
particular scheme.
http://support.microsoft.com/kb/834489
Microsoft realized their screw up and updated IE back in Jan 2004 and,
of course, the change propagated into later versions so to comply with
the correct URL scheme for HTTP. Some other web browser authors have
yet to correct their mistake.
Linear Mode
