From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS14383 205.234.109.0/24 X-Spam-Status: No, score=-0.7 required=5.0 tests=AWL,MSGID_FROM_MTA_HEADER, RP_MATCHES_RCVD shortcircuit=no autolearn=unavailable version=3.3.2 Path: news.gmane.org!not-for-mail From: John-Paul Bader Newsgroups: gmane.comp.lang.ruby.unicorn.general Subject: Re: Usernames in the http_URL Date: Fri, 18 Dec 2009 10:48:43 +0100 Message-ID: <1191F787-4539-4877-86A1-C62C8D58DC27@berlin.ccc.de> References: <20091218012332.GA30328@dcvr.yhbt.net> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 (Apple Message framework v1077) Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1261129865 30181 80.91.229.12 (18 Dec 2009 09:51:05 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 18 Dec 2009 09:51:05 +0000 (UTC) To: unicorn list Original-X-From: mongrel-unicorn-bounces@rubyforge.org Fri Dec 18 10:50:58 2009 Return-path: Envelope-to: gclrug-mongrel-unicorn@m.gmane.org X-Original-To: mongrel-unicorn@rubyforge.org Delivered-To: mongrel-unicorn@rubyforge.org In-Reply-To: X-Mailer: Apple Mail (2.1077) X-BeenThere: mongrel-unicorn@rubyforge.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: mongrel-unicorn-bounces@rubyforge.org Errors-To: mongrel-unicorn-bounces@rubyforge.org Xref: news.gmane.org gmane.comp.lang.ruby.unicorn.general:225 Archived-At: Received: from rubyforge.org ([205.234.109.19]) by lo.gmane.org with esmtp (Exim 4.50) id 1NLZU9-0002rW-Tz for gclrug-mongrel-unicorn@m.gmane.org; Fri, 18 Dec 2009 10:50:58 +0100 Received: from rubyforge.org (rubyforge.org [127.0.0.1]) by rubyforge.org (Postfix) with ESMTP id AF16F18582FD; Fri, 18 Dec 2009 04:50:54 -0500 (EST) Received: from mail.h3q.com (mail.h3q.com [213.73.89.199]) by rubyforge.org (Postfix) with ESMTP id 4B6B11858306 for ; Fri, 18 Dec 2009 04:48:45 -0500 (EST) Received: (qmail 76530 invoked from network); 18 Dec 2009 09:48:44 -0000 Received: from mail.h3q.com (HELO mail.h3q.com) (hukl) by mail.h3q.com with AES128-SHA encrypted SMTP; 18 Dec 2009 09:48:44 -0000 Hey guys, I think the ://:@/ scheme is= not "illegal". There are examples of this in the URL RFC, just no explicit= HTTP example. This probably a vague area. Its not in the http rfc and its not explicitly = mentioned in the http auth rfc either but in combination with the URL RFC t= here is at least room for it. I haven't found the paragraph yet which says:= no username:password stuff allowed in http urls. But I was just searching = through these things =85 there are good chances I missed it. http://en.wikipedia.org/wiki/URI_scheme http://tools.ietf.org/html/rfc2617 http://www.ietf.org/rfc/rfc1738.txt Anyway, I came across such urls a lot. Often I use them for giving people e= asy access to an otherwise basic authed resource - in a chat conversation = for example. I know apache and nginx support this - IIS does not. = Hrm - tough call ;) Kind regards, John _______________________________________________ Unicorn mailing list - mongrel-unicorn@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying