authority's userinfo?
solderpunk
solderpunk at SDF.ORG
Wed Jun 10 21:22:59 BST 2020
On Tue, Jun 09, 2020 at 08:58:04PM +0200, Petite Abeille wrote:
> How is gemini meant to deal with authority's userinfo?
>
> E.g.
>
> gemini://username:password@mozz.us/
> gemini://username@mozz.us/
>
> Orthodox?
>
> If so, how does the server communicate authentication failure back to the client?
>
> Thoughts?

I have to admit I was not thrilled to see this come up, predictably
enough. But you're, of course, right, this is a defined part of the URI
spec. And, in fact, because clients are already specced as sending a
URL to the server, nothing needs to be done to make this valid. Most
URL-parsing libraries will probably make it very easy for the server to
extract the username and password. So, if servers want to make use of
this information, I guess they can. They can even make use of statuses
10 and 11 to let users set up usernames and passwords.

For this to "catch on", client authors would need to add some support to
make it easy to add this information to queries. I am not very keen to
add extra status codes to facilitate this. We already have status codes
in there for an authentication system which has quite some strengths
compared to this (non-brute-forceability, much reduced risk of accidental
password leakage through URL copying and pasting, etc.).

Cheers,
Solderpunk
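
Added example, not part of the original message or of any Gemini server's code: a sketch of how a server could pull the userinfo out of a request line with Python's standard `urllib.parse`, and mask the password before the URL reaches a log. The function names `parse_request` and `redact` are hypothetical, and the sample requests are constructed from the URLs quoted above.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

MAX_URL_BYTES = 1024  # Gemini limits the request URL to 1024 bytes


def redact(url: str) -> str:
    """Return the URL with any password replaced by '***' (username kept)."""
    parts = urlsplit(url)
    # rpartition: a raw '@' inside the password must not be taken for the host
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url  # no userinfo at all
    user, colon, _password = userinfo.partition(":")
    netloc = f"{user}:***@{hostport}" if colon else f"{user}@{hostport}"
    return urlunsplit(parts._replace(netloc=netloc))


def parse_request(raw: bytes):
    """Parse one Gemini request line (absolute URL followed by CRLF).

    Returns (log_safe_url, username, password); the last two are None
    when the client sent no userinfo.
    """
    if not raw.endswith(b"\r\n"):
        raise ValueError("request must end with CRLF")
    if len(raw) - 2 > MAX_URL_BYTES:
        raise ValueError("URL exceeds 1024 bytes")
    url = raw[:-2].decode("utf-8")
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not an absolute gemini:// URL")
    # userinfo is percent-encoded on the wire; decode before comparing
    user = unquote(parts.username) if parts.username is not None else None
    password = unquote(parts.password) if parts.password is not None else None
    return redact(url), user, password


if __name__ == "__main__":
    # Constructed sample requests
    for req in (b"gemini://username:password@mozz.us/\r\n",
                b"gemini://username@mozz.us/\r\n",
                b"gemini://mozz.us/\r\n"):
        safe, user, password = parse_request(req)
        print(f"log={safe} user={user!r} password_sent={password is not None}")
```

Only the first element of the returned tuple is meant for logs; the raw request line still contains the password.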