Closed Bug 202419 Opened 22 years ago Closed 9 years ago

ftp://@hostname should tell FTP to use username and password auth

Categories

(Core :: Networking: FTP, enhancement)

Product:
Core
Component:
Networking: FTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Milestone:
Future

People

(Reporter: benc, Unassigned)

References

(Blocks 1 open bug,
URL
)

Details

Attachments

(1 file)

error message box
(deleted), image/jpeg
Details 
We already do not support sending an emtpy username, even though RFC 1738 says
that is different than sending no username:

 Note that an empty user name or password is different than no user
   name or password; there is no way to specify a password without
   specifying a user name. E.g., <URL:ftp://@host.com/> has an empty
   user name and no password, <URL:ftp://host.com/> has no user name,
   while <URL:ftp://foo:@host.com/> has a user name of "foo" and an
   empty password.

In this situation, we simply ignore the "@", and go to anonymous mode, which
certainly is not the best interpretation of this syntax.

What we should do, is prompt for a username+password.

The reason why is that publisher's could use this format to create a URL that
would prompt for authentication.

Currently, we do not prompt for auth if anonymous fails (bug 124561).

We do prompt for auth when a username is in the URL (ftp://user@hostname/), but
we do not allow editing of the username.

That means that there is no easy way to create URL's that allow multiple users
to be prompted for auth before accessing a file via FTP.

I really doubt there are systems out there that actually use the "empty
username" scenario, I think mapping it to a user-entered username is a novel,
but conservative use of the URL syntax.
Severity: normal → enhancement
Target Milestone: --- → Future
Blocks: 232560
Mozilla even doesn't connect to a password-protected server typing
ftp://ftp.hostname.com. Mozilla should ask for username and password.
Instead of that appears "530 login incorrect", even without automatical
login with an e-mail adress. It's the same with mozilla 1.8a release
and the 20040602 firefox nightly. 
klaus: see bug 124561.
Attached image error message box (deleted) — 

  

  



    
    

    
  
When linking to an FTP address WITH username and password, e.g.:
ftp://waldr0n:passw0rd@ftp.squarework.com/

 ... you get the message 'You are about to log into the site
"ftp.squarework.com" with the username "waldr0n", but the website does not
require authentication. This may be an attenpt to trick you.  Is
"ftp.squarework.com" the sit eyou want to use?'

If you try linking to the site WITHOUT the username and password, you are
prompted for them.

  

  



    
    

    
  
mass reassigning to nobody.

  

  


Assignee: dougt → nobody

    
    

    
  
only critical ftp changes now

  

  


Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: