Review Request: Make the http kioslave use credentials provided in the url

Richard Moore richmoore44 at
Wed Jul 8 23:49:12 BST 2009

I would say we should reject this patch. Including the credentials in
this way is flawed as it allows intermediate proxies to record the
credentials introducing a security hole. We should not allow this. The
specified use case of RPC over HTTP can already be accomplished in
numerous other ways (including directly using Basic or other
authentication through KIO or via XMLHttpRequest).



More information about the kde-core-devel mailing list