Closed Bug 43889 Opened 24 years ago Closed 24 years ago

Problem with ":" in username or password in username:password@site URLs

Categories

(Core :: Networking, defect, P3)

Product:
Core
Component:
Networking
Platform:
x86
Windows 98
Type:
defect

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: bugzilla, Assigned: andreas.otte)

References

(
URL
)

Details

I have a direct link to a software update site that requires username and password. I store the username and password in the URL for the site, like this: http://gemal:gemal@www.gemal.dk/ But now the company changed the password so that it contains a ":" http://gemal:gemal:123@www.gemal.dk/ This URL mozilla totally refuses to load. Not an error or anything. It works fine in Netscape 4.73. If you remove the ":" from the URL it loads fine. Build 2000062608 on Win98
This seems like it might be some kind of protocol problem...maybe it's reading the wrong protocol because of the added ":" 's? I'm just guessing here, but I'll dig deeper. Gagan?
Severity: major → normal
I thought the reason people started having a mandatory : was to prevent people from using a link based authentication (so that you could not construct a link as in the sample) But either way, this should have worked. to andreas, our parsing king.
Assignee: gagan → andreas.otte
In the prehost part of an url the : is a reserved char, it separates the username from the password. Currently we take the first : in the prehost as the separator. A username containig an unescaped : seems wrong, escaping it should work. I don't know how NS 4.73 does it, maybe they use the last : as separator. But then you could easily create a similar problem with gemal being the username and gemal:123 as the password, where 4.73 would fail. As I see it this is a no win scenario without escaping the right :. Try it with escaping.
Henrik: Have you tried it with %3A instead of : in your username? This should successfully mask it for the urlparser.
Unless I hear something soon from the reporter of this bug I'm going to mark it invalid, : is reserved within the prehost and has to be properly escaped when not being used to separate the user from the password.
--> invalid
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
It was just that: http://gemal:gemal:123@www.gemal.dk/ loaded fine on Netscape 4.73 and in Mozilla nuthing happens when entering: http://gemal:gemal:123@www.gemal.dk/ in the Location and pressing enter.
vrfy invalid, and escaping it with %3A as Andreas suggested works fine for me in a new win98 build (incidentally, IE5.5 chokes on the original URL also, throwing an `Invalid syntax error')
Status: RESOLVED → VERIFIED
*** Bug 190854 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.