Re: Re: hidden source code html

Mike Meyer ([email protected])
Wed, 4 Oct 95 11:00:55 PST


> Well Jon, the original question -- at least, _my_ original Usenet question --
> related to the use of a hyperlink of the form
> ftp://user:[email protected]
> which is permitted, but REALLY STUPID unless the code can be concealed.
> Isn't it?

No, it isn't. That username/password can be used to access an object
that you presumably want everyone who can access the web page
containing that URL to be able to get to. Since they can get the
object from that web page, there shouldn't be any harm in them having
the username/password pair.

Now, if that username/password pair is used to protect something in
addition to the object the URL points at, then something stupid is
going on. It's that someone is trying to use a single
username/password pair to protect two different things at (presumably)
different levels of security. The latter thing should be fixed.

BTW, even if you could encrypt the HTML in some way, you've still got
to prevent the browser from displaying the URL of the document it
fetches, as that will contain the username/password pair as well.

<mike