Re: Non-anonymous FTP - Problems when Password contains '#'

From: Michael Pelletier <mikep@dont-contact.us>
Date: Tue, 25 Nov 1997 15:41:32 -0500 (EST)

On Tue, 25 Nov 1997, Martin Boening wrote:

> I don't know if this problem has been addressed before:
>
> we have a user who wants to retrieve some Software via FTP from some
> customer support server. He has a login with a password containing a hash.
> This leeads to problems with squid's ftpget program on squid versions
> 1.1.14 as well as 1.1.16. The program seems to strip everything from the
> hash (#) including the hash itself. This leads to the error message
> 'Invalid URL syntax'.
>
> E.g., If I try, by way of a test, to access
>
> ftp://mboen:foo#bar@ftp.uu.net
>
> What can I do about this? Can I hack the URL parsing routines? Did someone
> already?

This is not a problem with Squid, it's a problem inherent in the
fundamental design of the whole URL concept. From RFC1945, section 3.2.1
<http://andrew2.andrew.cmu.edu/rfc/rfc1945.html>:

        unsafe = CTL | SP | <"> | "#" | "%" | "<" | ">"

Ie, "#" is an "unsafe" character in a URL. So, in order to use the hash
mark in his password, he'd have to use a percent hex-escape, as in "%23",
to encode the hash mark. Personally, I'd recommend changing the password
to something that doesn't include the objectionable characters, rather
than hacking Squid or using the %-escape.

        -Mike Pelletier.
Received on Tue Nov 25 1997 - 12:44:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:44 MST