[Users] [Bug 3099] when used in URI, (https://USERNAME:MYPASSWORD at mailserver/home/USERNAME/Calendar), password stored in plain text

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Thu Mar 13 16:23:07 CET 2014


http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3099

--- Comment #28 from Tomas Radej <tradej at redhat.com> ---
I wasn't going to comment further on the matter, but I have to.

<rant>

While the CVE might indeed be an overkill, I do not agree with this being a
hack. You may very well claim that you don't support this feature of the HTTP
protocol, but I say that every program that can query a HTTP URL can by
definition support HTTP authentication. If you don't agree with this
interpretation, fine. Let me just point out that even the bloody Internet
Explorer 5 stripped the credentials off the entry in History.

</rant>

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Users mailing list