Closed
Bug 202419
Opened 22 years ago
Closed 9 years ago
ftp://@hostname should tell FTP to use username and password auth
Categories
(Core Graveyard :: Networking: FTP, enhancement)
Core Graveyard
Networking: FTP
Tracking
(Not tracked)
RESOLVED
WONTFIX
Future
People
(Reporter: benc, Unassigned)
References
(Blocks 1 open bug, )
Details
Attachments
(1 file)
|
47.77 KB,
image/jpeg
|
Details |
error message box
We already do not support sending an emtpy username, even though RFC 1738 says
that is different than sending no username:
Note that an empty user name or password is different than no user
name or password; there is no way to specify a password without
specifying a user name. E.g., <URL:ftp://@host.com/> has an empty
user name and no password, <URL:ftp://host.com/> has no user name,
while <URL:ftp://foo:@host.com/> has a user name of "foo" and an
empty password.
In this situation, we simply ignore the "@", and go to anonymous mode, which
certainly is not the best interpretation of this syntax.
What we should do, is prompt for a username+password.
The reason why is that publisher's could use this format to create a URL that
would prompt for authentication.
Currently, we do not prompt for auth if anonymous fails (bug 124561).
We do prompt for auth when a username is in the URL (ftp://user@hostname/), but
we do not allow editing of the username.
That means that there is no easy way to create URL's that allow multiple users
to be prompted for auth before accessing a file via FTP.
I really doubt there are systems out there that actually use the "empty
username" scenario, I think mapping it to a user-entered username is a novel,
but conservative use of the URL syntax.
|
||
Updated•22 years ago
|
Severity: normal → enhancement
Target Milestone: --- → Future
|
||
Comment 1•21 years ago
|
||
Mozilla even doesn't connect to a password-protected server typing
ftp://ftp.hostname.com. Mozilla should ask for username and password.
Instead of that appears "530 login incorrect", even without automatical
login with an e-mail adress. It's the same with mozilla 1.8a release
and the 20040602 firefox nightly.
klaus: see bug 124561.
|
||
Comment 3•20 years ago
|
||
|
|
||
Comment 4•20 years ago
|
||
When linking to an FTP address WITH username and password, e.g.:
ftp://waldr0n:passw0rd@ftp.squarework.com/
... you get the message 'You are about to log into the site
"ftp.squarework.com" with the username "waldr0n", but the website does not
require authentication. This may be an attenpt to trick you. Is
"ftp.squarework.com" the sit eyou want to use?'
If you try linking to the site WITHOUT the username and password, you are
prompted for them.
|
||
Comment 6•9 years ago
|
||
only critical ftp changes now
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
|
||
Updated•8 months ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•