[jcifs] Null pointer exception in ServerMessageBlock.java

Michael B Allen mba2000 at ioplex.com
Thu Jun 22 19:04:24 GMT 2006


On Thu, 22 Jun 2006 08:35:35 -0400
"Levi Purvis" <jcifs at purvis.ws> wrote:

> > > > Never put your password in the URL.
> > >
> > > Why not?
> >
> > Because it's a security hazard.
> 
> Could you elaborate, please?

URLs have a tendency to be passed around, cached, stored in config files
and are generally promiscuous. For example, it's not inconceivable that
a URL could be printed in a stack trace thereby possibly exposing any
password in it to a user in a browser or terminal window.

For real applications, URLs should never contain passwords. It's only
provided as a convenience to the developer for experimental purposes or
for users who do not require any guarantee of security.

Mike

-- 
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/
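
The stack-trace exposure described above can be contained by masking URL passwords before a line is logged or displayed. The following is an added example, not part of the original message and not jcifs code; the class name and sample lines are constructed, and it assumes the password contains no unescaped `/`.

```java
import java.util.regex.Pattern;

public class UrlCredentialRedactor {
    // Matches scheme://user:password@ where the user part may carry a
    // "DOMAIN;" prefix. The password is taken up to the last '@' that
    // precedes the next '/' or whitespace, so '@' and ':' inside the
    // password are covered.
    private static final Pattern CREDENTIALS = Pattern.compile(
            "([A-Za-z][A-Za-z0-9+.-]*://)([^/\\s:@]+):([^/\\s]*)@");

    /** True if the text contains a URL with an embedded password. */
    static boolean hasEmbeddedPassword(String text) {
        return CREDENTIALS.matcher(text).find();
    }

    /** Masks the password, keeping scheme, user and host for debugging. */
    static String redact(String text) {
        return CREDENTIALS.matcher(text).replaceAll("$1$2:****@");
    }

    public static void main(String[] args) {
        // Constructed sample lines, not real jcifs output.
        String[] lines = {
            "java.io.IOException: cannot open "
                + "smb://EXAMPLE;alice:s3cr3t@fileserver.example/share/report.txt",
            "config: backup.target=smb://bob:p@ss:w0rd@nas.example/backups/",
            "GET http://intranet.example:8080/index.html",   // port, no password
            "opened smb://fileserver.example/share/"         // no userinfo
        };
        for (String line : lines) {
            String flag = hasEmbeddedPassword(line) ? "[masked] " : "[clean]  ";
            System.out.println(flag + redact(line));
        }
    }
}
```

Masking at the logging boundary only limits one exposure path; URLs held in config files or caches still carry the password.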

