[thelist] Cold Fusion: cfhttp

Ken Schaefer ken at adOpenStatic.com
Fri Apr 30 23:37:32 CDT 2004 

Hassan,

Why didn't you quote section 3.3 of that same RFC for completeness?, which
explicitly forbids the use of username:password syntax in HTTP URLs, which I
believe is the point that Joshua was trying to make.

<quote>
3.3. HTTP

   The HTTP URL scheme is used to designate Internet resources
   accessible using HTTP (HyperText Transfer Protocol).

   The HTTP protocol is specified elsewhere. This specification only
   describes the syntax of HTTP URLs.

   An HTTP URL takes the form:

      http://<host>:<port>/<path>?<searchpart>

   where <host> and <port> are as described in Section 3.1. If :<port>
   is omitted, the port defaults to 80.  No user name or password is
   allowed.  <path> is an HTTP selector, and <searchpart> is a query
   string. The <path> is optional, as is the <searchpart> and its
   preceding "?". If neither <path> nor <searchpart> is present, the "/"
   may also be omitted.
</quote>

Cheers
Ken

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Hassan Schroeder" <hassan at webtuitive.com>
Subject: Re: [thelist] Cold Fusion: cfhttp


: > That URL construct is, IIRC, a proprietary extension added by IE.
Behind
: > the scenes, IE uses that information to negotiate security with the
server.
:
: FYI:
:
: RFC 1738 -- Uniform Resource Locators (URL) -- December 1994
:
: <extract>
: 3.1. Common Internet Scheme Syntax
:
:     While the syntax for the rest of the URL may vary depending on the
:     particular scheme selected, URL schemes that involve the direct use
:     of an IP-based protocol to a specified host on the Internet use a
:     common syntax for the scheme-specific data:
:
:          //<user>:<password>@<host>:<port>/<url-path>
:
:     Some or all of the parts "<user>:<password>@", ":<password>",
:     ":<port>", and "/<url-path>" may be excluded.  The scheme specific
:     data start with a double slash "//" to indicate that it complies with
:     the common Internet scheme syntax. The different components obey the
:     following rules:
:
:      user
:          An optional user name. Some schemes (e.g., ftp) allow the
:          specification of a user name.
:
:      password
:          An optional password. If present, it follows the user
:          name separated from it by a colon.
:
:     The user name (and password), if present, are followed by a
:     commercial at-sign "@". Within the user and password field, any ":",
:     "@", or "/" must be encoded.
: </extract>
:
: -- 
: Hassan Schroeder ----------------------------- hassan at webtuitive.com
: Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com
:
:                            dream.  code.
:

More information about the thelist mailing list