[jcifs] Re: SMB URL encoding/decoding

Michael B Allen mballen at erols.com
Sun Feb 24 13:32:25 EST 2002

On Sat, 23 Feb 2002 19:51:23 -0600
"Christopher R. Hertel" <crh at ubiqx.org> wrote:

> > the exception of the most trivial of URLs. It only decodes the host,
> > port, file (path), and ref components and it will certainly fail to do
> > even that with anything that has arbitrary characters in the password
> > of some auth info.
> > 
> >   http://java.sun.com/products/jdk/1.2/docs/api/java/net/URL.html
> Which arbitrary characters?  This is where precedence comes in.  If you
> parse based on the '/' character first (and escape any '/' characters in the
> <server> string) then you will never get confused by '@'s elsewhere in the
> URL.

You can have ANY characters in a password. So there's NO way to traverse
it. You HAVE to come in from the end looking for something and when I did
this it was determined that '@' was what I looked for. I don't remember
exactly why I did what I did but I rememeber mulling it over pretty hard.

> I will try to get time to look at the link above.
> > Perhaps we could just drop the authentication creadentials and pass them
> > as QUERY_STRING parameters instead.
> No, because the generic URL/URI syntax already supports the use of
> credentials as part of the <server> field.  RFC2396:

Ok, nobody seems to like that idea. Forgotten.

> > > As with most parsers, there is an operator hierarchy.  I *think* that
> > > the '/' character is higher precedence than th '@' but I am not sure,
> > > as I haven't looked at it recently.
> > 
> > I don't see how assigning precidence helps.
> Consider:
> ftp://user:pass@foo.com/some/dir/im@home/text.txt
> If the '/' has precedence over '@' then the parse tree is (roughly):
>                         ["://"]
>                           / \
>            [scheme: "FTP"]  ['/']
>                              / \
> [server: "user:pass at foo.com"]  [abs_path: "some/dir/im at home/text.txt"]

Well, then assigning "operator hierarchy" is inherent to parsing. I
wasn't sure what you meant. At any rate, you can't do this because '/'
can appear in a password. It's a pretty rare character to appear in a
password though. I suppose we could make users URL encode a '/' in the
password and then disect by '/' like you have above. That would be
wonderfully easy actually and cause far less confusion.


May The Source be with you.

More information about the jcifs mailing list