Hacker Newsnew | comments | show | ask | jobs | submit login

OK, so it'll either add an auth header or not know what to do and refuse to do anything. Either way the password is not sent in the request url



Actually, I mused have screwed up last night. The version of curl I have does support it and does put it into the Auth header.

  % curl --trace-ascii /dev/stdout http://jimktrains:password@news.ycombinator.com
  == Info: About to connect() to news.ycombinator.com port 80 (#0)
  == Info:   Trying 184.172.10.74... == Info: connected
  == Info: Server auth using Basic with user 'jimktrains'
  => Send header, 223 bytes (0xdf)
  0000: GET / HTTP/1.1
  0010: Authorization: Basic amlta3RyYWluczpwYXNzd29yZA==
  .......
Some UAs however, do just drop it. Like IE (http://support.microsoft.com/kb/834489)

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: