[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 83/150: TODO: 1.1 Option to refuse usernames in URL
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 83/150: TODO: 1.1 Option to refuse usernames in URLs |
Date: |
Fri, 30 Mar 2018 16:48:57 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnurl.
commit f549b2cefea239dae06a4afb0cac1319a3e600b4
Author: Daniel Stenberg <address@hidden>
AuthorDate: Fri Feb 16 09:39:20 2018 +0100
TODO: 1.1 Option to refuse usernames in URLs
Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas.
---
docs/TODO | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/docs/TODO b/docs/TODO
index d9d7f3e3b..f7b5101d3 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,6 +17,7 @@
All bugs documented in the KNOWN_BUGS document are subject for fixing!
1. libcurl
+ 1.1 Option to refuse usernames in URLs
1.2 More data sharing
1.3 struct lifreq
1.4 signal-based resolver timeouts
@@ -186,6 +187,16 @@
1. libcurl
+1.1 Option to refuse usernames in URLs
+
+ There's a certain risk for application in allowing user names in URLs. For
+ example: if the wrong person gets to set the URL and manages to set a user
+ name in there when .netrc is used, the application may send along a password
+ that otherwise the person couldn't provide.
+
+ A new libcurl option could be added to allow applications to switch off this
+ feature and thus avoid a potential risk.
+
1.2 More data sharing
curl_share_* functions already exist and work, and they can be extended to
@@ -403,6 +414,12 @@
variable can then help users to block all libcurl-using programs from
accessing the network using unsafe protocols.
+ The variable could be given some sort of syntax or different levels and be
+ used to also allow for example users to refuse libcurl to do transfers with
+ HTTPS certificate checks disabled.
+
+ It could also offer to refuse usernames in URLs (see TODO 1.1)
+
1.27 hardcode the "localhost" addresses
There's this new spec getting adopted that says "localhost" should always and
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 64/150: smtp: fix processing of initial dot in data, (continued)
- [GNUnet-SVN] [gnurl] 64/150: smtp: fix processing of initial dot in data, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 52/150: fnmatch: optimize processing of consecutive *s and ?s pattern characters, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 47/150: time-cond: fix reading the file modification time on Windows, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 67/150: RELEASE-NOTES: synced with e551910f8, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 43/150: time_t-fixes: remove typecasts to 'long' for info.filetime, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 82/150: TODO: 1.7 Support HTTP/2 for HTTP(S) proxies, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 50/150: openssl: Don't add verify locations when verifypeer==0, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 42/150: curl_setup: move the precautionary define of SIZEOF_TIME_T, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 28/150: time: support > year 2038 time stamps for system with 32bit long, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 49/150: build-wolfssl.bat: Extend VC15 support to include Enterprise and Professional, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 83/150: TODO: 1.1 Option to refuse usernames in URLs,
gnunet <=
- [GNUnet-SVN] [gnurl] 57/150: content_encoding: Add "none" alias to "identity", gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 70/150: libcurl-security.3: the http://192.168.0.1/my_router_config case, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 106/150: TODO: remove "sha-256 digest", added in 2b5b37cb9109e7c2, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 85/150: CURLOPT_HEADERFUNCTION.3: fix typo from d939226813, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 73/150: BINDINGS: fix curb link (and remove ruby-curl-multi), gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 122/150: winbuild: prefer documented zlib library names, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 44/150: build: fix termios issue on android cross-compile, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 37/150: build: fix windows build methods for curl_ctype.c, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 75/150: nss: use PK11_CreateManagedGenericObject() if available, gnunet, 2018/03/30
- [GNUnet-SVN] [gnurl] 58/150: schannel: fix "no previous prototype" compiler warning, gnunet, 2018/03/30