76
submitted 7 months ago by petsoi@discuss.tchncs.de to c/linux@lemmy.ml
you are viewing a single comment's thread
view the rest of the comments
[-] lemmyreader@lemmy.ml 35 points 7 months ago

Daisuke fixed a 22-year old bug and we now prevent passwords in URLs from being saved in history!

Interesting.

[-] xlash123@sh.itjust.works 31 points 7 months ago

RIP that one guy who relied on this bug. He's gonna have to create a bookmark now, which will ruin his whole workflow.

[-] catloaf@lemm.ee 10 points 7 months ago

That's good, but out of scope for a browser, really. Also there shouldn't be passwords in URLs!

[-] PlusMinus@lemmy.world 19 points 7 months ago
[-] catloaf@lemm.ee 2 points 7 months ago

I forgot about that. It shouldn't, these days.

[-] bmarinov@lemmy.world 1 points 7 months ago

It is one of the easier ways to globally configure git auth for private Go packages.

[-] ____@infosec.pub 2 points 7 months ago

I have this exact use case on a work machine, because the proxy flat refuses to prompt for the login, just goes straight to deny.

I own neither the proxy, nor the steaming heap of code that lives behind it, and I’m grateful for that every single day…

[-] flashgnash@lemm.ee 8 points 7 months ago

That just seems like crappy website design

[-] strcrssd@kbin.social 12 points 7 months ago

It has nothing to do with website design. It's part of the HTTP protocol. A poor part in today's understanding and use cases, but in the 90s it would have made sense.

[-] flashgnash@lemm.ee 2 points 7 months ago

We're both talking about route parameters right?

[-] Ghoelian@lemmy.dbzer0.com 6 points 7 months ago

I think they're talking about basic Auth, with which you can pass credentials in a URL like this:

https://username:password@website.com

[-] flashgnash@lemm.ee 2 points 7 months ago

I thought basic Auth was where you base64 encoded the username and password and sent it as the Authorization header

[-] Ghoelian@lemmy.dbzer0.com 3 points 7 months ago* (last edited 7 months ago)

That is also a form of basic auth, you still pass the credentials like "username:password", optionally base64 encoded but I don't believe that's required.

Edit: actually, after looking into it a bit more, it seems like passing credentials in the url will actually cause the browser to send it as an authorization header instead. So in essence it's doing the same thing.

[-] AnUnusualRelic@lemmy.world 3 points 7 months ago

Oh wow, I'm pretty sure I reported this for Navigator.

this post was submitted on 02 Apr 2024
76 points (98.7% liked)

Linux

48080 readers
780 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS