[jcifs] Null pointer exception in ServerMessageBlock.java

Michael B Allen mba2000 at ioplex.com
Thu Jun 22 19:04:24 GMT 2006

On Thu, 22 Jun 2006 08:35:35 -0400
"Levi Purvis" <jcifs at purvis.ws> wrote:

> > > > Never put your password in the URL.
> > >
> > > Why not?
> >
> > Because it's a security hazard.
> Could you elaborate, please?

URLs have a tendency to be passed around, cached, stored in config files
and are generally promiscuous. For example. it's not inconceivable that
a URL could be printed in a stack trace thereby possibly exposing any
password in it to a user in a browser or terminal window.

For real applications, URLs should never contain passwords. It's only
provided as a convenience to the developer for experimental purposes or
for user's who do not require any guarantee of security.


Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization

More information about the jcifs mailing list