Prev: Protocol on pictures and attachments here; Preview bug?
Next: Snow Leopard: access "hidden" files in file selection ?
From: David Empson on 12 Jan 2010 22:15
SpreadTooThin <bjobrien62(a)gmail.com> wrote:

> In the finder you select Finder, Go, Connect to Server.
> Then you enter in a url.
> eg: afp://192.168.1.1/PathName
>
> This pops up a login window. I need to specify the username and
> password in the url.
> Can that be done?

Yes.

afp://username(a)address/path

(which will still prompt for the password), or

afp://username:password(a)address/path

You may need to watch out for caching of a URL which contains the
password.

--
David Empson
dempson(a)actrix.gen.nz
From: VAXman- on 13 Jan 2010 08:41
In article <1jc9mdp.18lgibk1js0ni8N%dempson(a)actrix.gen.nz>, dempson(a)actrix.gen.nz (David Empson) writes:
>SpreadTooThin <bjobrien62(a)gmail.com> wrote:
>
>> In the finder you select Finder, Go, Connect to Server.
>> Then you enter in a url.
>> eg: afp://192.168.1.1/PathName
>>
>> This pops up a login window. I need to specify the username and
>> password in the url.
>> Can that be done?
>
>Yes.
>
>afp://username(a)address/path
>
>(which will still prompt for the password), or
>
>afp://username:password(a)address/path
>
>You may need to watch out for caching of a URL which contains the
>password.

I'd be more concerned about sending username and password in plain text over
any public network.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG

http://www.quirkfactory.com/popart/asskey/eqn2.png

"Well my son, life is like a beanstalk, isn't it?"
From: David Empson on 13 Jan 2010 08:50
<VAXman-(a)SendSpamHere.ORG> wrote:

> In article <1jc9mdp.18lgibk1js0ni8N%dempson(a)actrix.gen.nz>,
> dempson(a)actrix.gen.nz (David Empson) writes:
> >SpreadTooThin <bjobrien62(a)gmail.com> wrote:
> >
> >> In the finder you select Finder, Go, Connect to Server.
> >> Then you enter in a url.
> >> eg: afp://192.168.1.1/PathName
> >>
> >> This pops up a login window. I need to specify the username and
> >> password in the url.
> >> Can that be done?
> >
> >Yes.
> >
> >afp://username(a)address/path
> >
> >(which will still prompt for the password), or
> >
> >afp://username:password(a)address/path
> >
> >You may need to watch out for caching of a URL which contains the
> >password.
>
> I'd be more concerned about sending username and password in plain text over
> any public network.

Depending on how you are using it, the URL in that form doesn't
necessarily mean you are doing that.

For example, in Finder's "Connect to Server" dialog, the URL is parsed
locally and the username and password will be sent securely if the
protocol allows for that (AFP does if the server isn't antique).

Not such a good idea in a web browser.

--
David Empson
dempson(a)actrix.gen.nz
From: VAXman- on 13 Jan 2010 14:22
In article <1jcafpt.vw3i5juvms8hN%dempson(a)actrix.gen.nz>, dempson(a)actrix.gen.nz (David Empson) writes:
><VAXman-(a)SendSpamHere.ORG> wrote:
>
>> In article <1jc9mdp.18lgibk1js0ni8N%dempson(a)actrix.gen.nz>,
>> dempson(a)actrix.gen.nz (David Empson) writes:
>> >SpreadTooThin <bjobrien62(a)gmail.com> wrote:
>> >
>> >> In the finder you select Finder, Go, Connect to Server.
>> >> Then you enter in a url.
>> >> eg: afp://192.168.1.1/PathName
>> >>
>> >> This pops up a login window. I need to specify the username and
>> >> password in the url.
>> >> Can that be done?
>> >
>> >Yes.
>> >
>> >afp://username(a)address/path
>> >
>> >(which will still prompt for the password), or
>> >
>> >afp://username:password(a)address/path
>> >
>> >You may need to watch out for caching of a URL which contains the
>> >password.
>>
>> I'd be more concerned about sending username and password in plain text over
>> any public network.
>
>Depending on how you are using it, the URL in that form doesn't
>necessarily mean you are doing that.
>
>For example, in Finder's "Connect to Server" dialog, the URL is parsed
>locally and the username and password will be sent securely if the
>protocol allows for that (AFP does if the server isn't antique).

MD5-digest?


>Not such a good idea in a web browser.

DEFINITELY not in a browser. I've seen usernames and passwords in Apache
log files from users trying to simplify not having to manually log into a
site using http://username:password(a)site-domain-name

--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG

http://www.quirkfactory.com/popart/asskey/eqn2.png

"Well my son, life is like a beanstalk, isn't it?"
 | 
Pages: 1
Prev: Protocol on pictures and attachments here; Preview bug?
Next: Snow Leopard: access "hidden" files in file selection ?