[Users] [Bug 3099] when used in URI, (https://USERNAME:MYPASSWORD at mailserver/home/USERNAME/Calendar), password stored in plain text

noreply at thewildbeast.co.uk
Thu Mar 13 16:23:07 CET 2014


--- Comment #28 from Tomas Radej <tradej at redhat.com> ---
I wasn't going to comment further on the matter, but I have to.


While the CVE might indeed be an overkill, I do not agree with this being a
hack. You may very well claim that you don't support this feature of the HTTP
protocol, but I say that every program that can query a HTTP URL can by
definition support HTTP authentication. If you don't agree with this
interpretation, fine. Let me just point out that even the bloody Internet
Explorer 5 stripped the credentials off the entry in History.

