Feedback wanted regarding prettyURL()
Matthew Woehlke
mw_triad at users.sourceforge.net
Thu Aug 16 23:52:49 BST 2007
Dirk Mueller wrote:
> To avoid the latest announced URL spoofing attacks in a general way, I
> suggested to shorten the username, to avoid that the user misinterprets the
> username actually as part of the hostname.
>
> This, however, breaks the URL pretty badly: the username is not really valid
> anymore. On the other hand, it's unlikely that there will be a very long
> username given, especially if no password has been added.
In KDE3, I see that the password is already stripped, so if you were
actually using a login, the URL is already "invalid"... except that konq is
caching your credentials anyway. Therefore, what is the problem with
always removing the user name? One could even argue that this improves
security when logging in legitimately, in the same manner that removing
the password from the displayed URL does.
--
Matthew
"So long, and thanks for all the fish" -- the dolphins
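
The two display policies discussed in this message, as an added Python sketch that is not part of the original thread and is not KDE's prettyURL() code: stripping only the password keeps the username in front of the host, while removing the whole user-info part leaves only the real host visible. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def strip_password(url: str) -> str:
    """Display form that hides only the password (the username stays visible)."""
    parts = urlsplit(url)
    # The user-info part ends at the LAST '@' of the authority component.
    userinfo, at, host_port = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    netloc = f"{user}@{host_port}" if at else host_port
    return urlunsplit(parts._replace(netloc=netloc))


def strip_userinfo(url: str) -> str:
    """Display form with the whole user-info part (user and password) removed."""
    parts = urlsplit(url)
    host_port = parts.netloc.rpartition("@")[2]
    return urlunsplit(parts._replace(netloc=host_port))


# Constructed sample URLs (reserved example/invalid names, documentation IPv6 range).
SAMPLES = [
    "http://www.bank.example@host.invalid/login",  # username that looks like a host
    "ftp://user:secret@[2001:db8::1]:2121/pub",    # legitimate login, IPv6 host
    "http://host.invalid/?q=a@b",                  # '@' in the query, no user-info
    "mailto:user@example.com",                     # no authority component at all
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"original        : {url}")
        print(f"password removed: {strip_password(url)}")
        print(f"userinfo removed: {strip_userinfo(url)}")
        print()
```

The string returned by either function is for display only; the full URL still has to be kept internally for the actual request.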