mirror of
https://github.com/moparisthebest/curl
synced 2024-12-24 17:18:48 -05:00
TODO: "Option to refuse usernames in URLs" done
Implemented by Björn in 946ce5b61f
This commit is contained in:
parent
a0f9670ec9
commit
54066f5d09
11
docs/TODO
11
docs/TODO
@ -17,7 +17,6 @@
|
|||||||
All bugs documented in the KNOWN_BUGS document are subject for fixing!
|
All bugs documented in the KNOWN_BUGS document are subject for fixing!
|
||||||
|
|
||||||
1. libcurl
|
1. libcurl
|
||||||
1.1 Option to refuse usernames in URLs
|
|
||||||
1.2 More data sharing
|
1.2 More data sharing
|
||||||
1.3 struct lifreq
|
1.3 struct lifreq
|
||||||
1.4 signal-based resolver timeouts
|
1.4 signal-based resolver timeouts
|
||||||
@ -189,16 +188,6 @@
|
|||||||
|
|
||||||
1. libcurl
|
1. libcurl
|
||||||
|
|
||||||
1.1 Option to refuse usernames in URLs
|
|
||||||
|
|
||||||
There's a certain risk for application in allowing user names in URLs. For
|
|
||||||
example: if the wrong person gets to set the URL and manages to set a user
|
|
||||||
name in there when .netrc is used, the application may send along a password
|
|
||||||
that otherwise the person couldn't provide.
|
|
||||||
|
|
||||||
A new libcurl option could be added to allow applications to switch off this
|
|
||||||
feature and thus avoid a potential risk.
|
|
||||||
|
|
||||||
1.2 More data sharing
|
1.2 More data sharing
|
||||||
|
|
||||||
curl_share_* functions already exist and work, and they can be extended to
|
curl_share_* functions already exist and work, and they can be extended to
|
||||||
|
Loading…
Reference in New Issue
Block a user