Feedback wanted regarding prettyURL()

Matthew Woehlke mw_triad at
Thu Aug 16 23:52:49 BST 2007

Dirk Mueller wrote:
> To avoid the latest announced url spoofing attacks in a general way, I 
> suggested to shorten the username, to avoid that the user misinterprets the 
> username actually as part of the hostname. 
> this however breaks the url pretty badly: the username is not really valid 
> anymore. on the other hand, its unlikely that there will be a very long 
> username given, especially if no password has been added. 

In KDE3, I see that the password is already stripped, so if you were 
actually using a login, the URL already "invalid"... except that konq is 
caching your credentials anyway. Therefore, what is the problem with 
always removing the user name? One could even argue that this improves 
security when logging in legitimately, in the same manner that removing 
the password from the displayed URL does.

"So long, and thanks for all the fish" -- the dolphins

More information about the kde-core-devel mailing list