[jcifs] Re: SMB URL encoding/decoding
teilo at teilo.net
Sun Feb 24 12:35:09 EST 2002
Michael B Allen wrote:
>On Sat, 23 Feb 2002 15:10:11 -0600
>"Christopher R. Hertel" <crh at ubiqx.org> wrote:
>>Well, the first comment is that the SMB URL needs to meet the requirements
>>of a URL string as described in RFC 2396. There are two reasons for this.
>>The first is that IETF will never accept it if it doesn't, and the second is
>Why wouldn't they if it followed the ftp RFC James is referencing?
>>that most of the browsers out there have generic URL parsers. Java also has
>>a generic URL parser, IIRC.
>But it's very limited. You have to pretty much override it entirely with
>the exception of the most trivial of URLs. It only decodes the host,
>port, file (path), and ref components and it will certainly fail to do
>even that with anything that has arbitrary characters in the password
>of some auth info.
>Perhaps we could just drop the authentication creadentials and pass them
>as QUERY_STRING parameters instead.
Oh god I hope not... All the popular URLs have user:pass at host so can we
keep to convention?
>In practice it would probably be
>easier to work with anyway instead of piecing together user info to build
>a full URL. Or maybe just drop the password field since it's the culprit
>and source of security concerns cited elsewhere for obvious reasons.
Just because the tool is there doesn't meen you have to use it...
>Let's not loose the focus of the real problem here though. SMB servers
>allow the '@' sign but the various URL RFC's do not.
As do HTTP servers - FTP servers... why is the smb url the special case?
>If we can circumvent
>this one issue it will not be necessary to URL encode/decode anything.
>>As with most parsers, there is an operator hierarchy. I *think* that the
>>'/' character is higher precedence than th '@' but I am not sure, as I
>>haven't looked at it recently.
>I don't see how assigning precidence helps.
ditto. I think it just makes things more complex.
Would be nice to see the comments from the URI guys ;-)
More information about the jcifs