[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Review Request: Make the http kioslave use credentials provided
From:       Richard Moore <richmoore44 () gmail ! com>
Date:       2009-07-08 22:49:12
Message-ID: 5491a5150907081549s262de64ar7d6fb60602696be9 () mail ! gmail ! com
[Download RAW message or body]

I would say we should reject this patch. Including the credentials in
this way is flawed as it allows intermediate proxies to record the
credentials introducing a security hole. We should not allow this. The
specified use case of RPC over HTTP can already be accomplished in
numerous other ways (including directly using Basic or other
authentication through KIO or via XMLHttpRequest).

Cheers

Rich.
[prev in list] [next in list] [prev in thread] [next in thread]