> Well Jon, the original question -- at least, _my_ original Usenet question --
> related to the use of a hyperlink of the form
> ftp://user:password@ftp.some.site.uk
> which is permitted, but REALLY STUPID unless the code can be concealed.
Not at all. There is such a link at the bottom of my personal page
(see sig for URL). However, it is perfectly secure because the password
part must be supplied by anyone attempting to traverse the link. (Even
more secure in my case, as we use Kerberos authentication).
Also, in the case of public access accounts for kiosks, etc it might be
perfectly acceptable to disclose both the username and password.
Also, HTML might be generated on the fly, or used within a secure
environment. For example, filling in a form and supplying credit card
details might generate on the fly some html with instructions on using
some demonstration software, plus a link of the form you have described
giving a guest account and the password du jour to try it out.
-- Chris Lilley, Technical Author +-------------------------------------------------------------------+ | Manchester and North HPC Training & Education Centre | +-------------------------------------------------------------------+ | Computer Graphics Unit, Email: Chris.Lilley@mcc.ac.uk | | Manchester Computing Centre, Voice: +44 161 275 6045 | | Oxford Road, Manchester, UK. Fax: +44 161 275 6040 | | M13 9PL BioMOO: ChrisL | | URI: http://info.mcc.ac.uk/CGU/staff/lilley/lilley.html | +-------------------------------------------------------------------+