Re: [thredds] [Opendap-tech] User and password in URL location file for NCML

To: John Caron <caron@xxxxxxxxxxxxxxxx>
Subject: Re: [thredds] [Opendap-tech] User and password in URL location file for NCML
From: Rob De Almeida <roberto@xxxxxxxxxxxxx>
Date: Thu, 11 Oct 2007 20:49:45 -0300

John Caron wrote:

I have been reluctant to add username:password support because:

  1. it's so obviously insecure. IE apparentlly no longer supports it, at least 
as a default.
2. i believe username:password is not really part of a URL, but something the client (eg browser) parses and transforms to HTTP headers.

It is part of the URL/URI scheme (RFC 1738 and 2396), but the RFCsexplicitly recommend against its use. But I think that in cases likethis the syntax is useful, and if you use digest authentication thepassword is secure.


--Rob

References:
- [thredds] User and password in URL location file for NCML
  - From: "Antonio S. Cofiño"
- Re: [thredds] User and password in URL location file for NCML
  - From: John Caron