users@grizzly.java.net

Re: url with password

From: Benoit DECHERF <bdecherf_at_gmail.com>
Date: Mon, 11 Jul 2011 10:21:06 +0200

Sure, this is not safe :)

But it is used in several contexts, like in my case the CouchDB replication:
http://wiki.apache.org/couchdb/Replication#Run_Replication
You are right that this type of URL is incorrect.
(http://www.ietf.org/rfc/rfc1738.txt explicitly says: No user name or
password is allowed)

Anyway, I found a workaround for my case, but I thought that grizzly should
support this.

Thanks for your response,
Benoit


2011/7/11 Oleksiy Stashok <oleksiy.stashok_at_oracle.com>

> Hi Benoit,
>
> according to spec [1], HTTP URL is defined as
> http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
>
> and anyway IMO it's not safe to pass password as part of URL.
>
> You might want to use basic or digest authentication [2].
>
> Thanks.
>
> WBR,
> Alexey.
>
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.2
> [2] http://www.ietf.org/rfc/rfc2617.txt
>
>
> On 07/10/2011 02:21 PM, Benoit DECHERF wrote:
>
>> Hi,
>>
>> I think there is a bug in the ProcessorTask class:
>> A URL with a password like http://user:password@host:port/ cannot be
>> parsed correctly.
>> Is there a workaround? I can't find a bug for this. Should I create one
>> or can it be a configuration error in my code?
>>
>> Benoit
>>
>>
>
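
The alternative suggested in the thread, taking the credentials out of the URL and sending them as Basic authentication [2], shown as an added example that is not part of the original messages or of Grizzly's code. The class `UserInfoToBasicAuth`, its `split` method and the sample URL are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example; the class and method names are hypothetical, not Grizzly API.
public class UserInfoToBasicAuth {

    /** Credential-free URI plus the Authorization value (null if the URL had no userinfo). */
    static final class Split {
        final URI uri;
        final String authorization;
        Split(URI uri, String authorization) { this.uri = uri; this.authorization = authorization; }
    }

    static Split split(String url) throws URISyntaxException {
        URI in = new URI(url);
        if (in.getScheme() == null || in.getHost() == null)
            throw new URISyntaxException(url, "absolute URL with a host required");

        // Rebuild from the raw components so escapes such as %2F in the path survive unchanged.
        StringBuilder clean = new StringBuilder(in.getScheme()).append("://").append(in.getHost());
        if (in.getPort() != -1) clean.append(':').append(in.getPort());
        if (in.getRawPath() != null) clean.append(in.getRawPath());
        if (in.getRawQuery() != null) clean.append('?').append(in.getRawQuery());
        if (in.getRawFragment() != null) clean.append('#').append(in.getRawFragment());
        URI cleanUri = new URI(clean.toString());

        String raw = in.getRawUserInfo();
        if (raw == null) return new Split(cleanUri, null);

        // RFC 2617 basic-credentials = base64(userid ":" password); the userid cannot hold ':'.
        int colon = raw.indexOf(':');
        String rawUser = colon < 0 ? raw : raw.substring(0, colon);
        if (rawUser.contains("%3A") || rawUser.contains("%3a"))
            throw new URISyntaxException(url, "user name contains an escaped ':'");
        String decoded = in.getUserInfo();          // percent-decoded "user:password"
        if (colon < 0) decoded += ":";              // user name only: empty password
        String token = Base64.getEncoder().encodeToString(decoded.getBytes(StandardCharsets.UTF_8));
        return new Split(cleanUri, "Basic " + token);
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URL; host, database name and credentials are made up.
        Split s = split("http://user:p%40ss@db.example.test:5984/mydb/a%2Fb");
        System.out.println(s.uri);                               // credential-free, safe to log
        System.out.println("Authorization: " + s.authorization); // send as a header, keep out of logs
    }
}
```

Basic credentials are only Base64-encoded, not encrypted, so the header should travel over TLS.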