TODO: "Option to refuse usernames in URLs" done

Implemented by Björn in 946ce5b61f
2026-05-16 01:16:21 +03:00 · 2018-06-13 11:24:34 +02:00 · 2018-06-13 11:24:34 +02:00 · 54066f5d09
commit 54066f5d09
parent a0f9670ec9
1 changed files with 0 additions and 11 deletions
--- a/docs/TODO
+++ b/docs/TODO
@ -17,7 +17,6 @@
 All bugs documented in the KNOWN_BUGS document are subject for fixing!

 1. libcurl
- 1.1 Option to refuse usernames in URLs
 1.2 More data sharing
 1.3 struct lifreq
 1.4 signal-based resolver timeouts
@ -189,16 +188,6 @@

 1. libcurl

-1.1 Option to refuse usernames in URLs
-
- There's a certain risk for application in allowing user names in URLs. For
- example: if the wrong person gets to set the URL and manages to set a user
- name in there when .netrc is used, the application may send along a password
- that otherwise the person couldn't provide.
-
- A new libcurl option could be added to allow applications to switch off this
- feature and thus avoid a potential risk.
-
 1.2 More data sharing

 curl_share_* functions already exist and work, and they can be extended to