Full Disclosure mailing list archives
Re: Absurd Microsoft QA? The Return of the "username@password"...
From: Kevin Sullivan <krs () c3group net>
Date: Thu, 12 Feb 2004 11:00:30 -0500
>* Here's the final straw On February 10, 2004 Microsoft released > a patch that restores the "username@password:" functionality in URL >references! > * It seems they are trying to hide this fact as this is not >widely publicized and it is NOT being labeled as an IE patch nor a even >a security patch! Probably because it is NOT a security patch, nor does it restore the embedded-credentials functionality. It addresses the specific problem (created by the 04 patch )of not being able to pass user credentials in an XML Open() call. From the M$ article: "This fix will only enable the scenario where user credentials are passed as parameters in the Open() method call. It will not enable scenarios where the user credentials are embedded in the URL."Ks
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Absurd Microsoft QA? The Return of the "username@password"... Kevin Sullivan (Feb 12)