1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 17:18:48 -05:00

TODO: "Option to refuse usernames in URLs" done

Implemented by Björn in 946ce5b61f
This commit is contained in:
Daniel Stenberg 2018-06-13 11:24:34 +02:00
parent a0f9670ec9
commit 54066f5d09
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -17,7 +17,6 @@
All bugs documented in the KNOWN_BUGS document are subject for fixing! All bugs documented in the KNOWN_BUGS document are subject for fixing!
1. libcurl 1. libcurl
1.1 Option to refuse usernames in URLs
1.2 More data sharing 1.2 More data sharing
1.3 struct lifreq 1.3 struct lifreq
1.4 signal-based resolver timeouts 1.4 signal-based resolver timeouts
@ -189,16 +188,6 @@
1. libcurl 1. libcurl
1.1 Option to refuse usernames in URLs
There's a certain risk for application in allowing user names in URLs. For
example: if the wrong person gets to set the URL and manages to set a user
name in there when .netrc is used, the application may send along a password
that otherwise the person couldn't provide.
A new libcurl option could be added to allow applications to switch off this
feature and thus avoid a potential risk.
1.2 More data sharing 1.2 More data sharing
curl_share_* functions already exist and work, and they can be extended to curl_share_* functions already exist and work, and they can be extended to