Review Request: Make the http kioslave use credentials provided in the url

Richard Moore richmoore44 at gmail.com
Wed Jul 8 23:49:12 BST 2009


I would say we should reject this patch. Including the credentials in
this way is flawed as it allows intermediate proxies to record the
credentials, introducing a security hole. We should not allow this. The
specified use case of RPC over HTTP can already be accomplished in
numerous other ways (including directly using Basic or other
authentication through KIO or via XMLHttpRequest).

Cheers

Rich.




More information about the kde-core-devel mailing list