TODO: 1.1 Option to refuse usernames in URLs

Also expanded the CURL_REFUSE_CLEARTEXT section with more ideas.

diff --git a/docs/TODO b/docs/TODO
index d9d7f3e3b96c57eed0710e740dd25bdbba981757..f7b5101d36cb9e0898f1a0be82445dadf43e595c 100644 (file)
--- a/docs/TODO
+++ b/docs/TODO
@@ -17,6 +17,7 @@
  All bugs documented in the KNOWN_BUGS document are subject for fixing!
 
  1. libcurl
+ 1.1 Option to refuse usernames in URLs
  1.2 More data sharing
  1.3 struct lifreq
  1.4 signal-based resolver timeouts
@@ -186,6 +187,16 @@
 
 1. libcurl
 
+1.1 Option to refuse usernames in URLs
+
+ There's a certain risk for application in allowing user names in URLs. For
+ example: if the wrong person gets to set the URL and manages to set a user
+ name in there when .netrc is used, the application may send along a password
+ that otherwise the person couldn't provide.
+
+ A new libcurl option could be added to allow applications to switch off this
+ feature and thus avoid a potential risk.
+
 1.2 More data sharing
 
  curl_share_* functions already exist and work, and they can be extended to
@@ -403,6 +414,12 @@
  variable can then help users to block all libcurl-using programs from
  accessing the network using unsafe protocols.
 
+ The variable could be given some sort of syntax or different levels and be
+ used to also allow for example users to refuse libcurl to do transfers with
+ HTTPS certificate checks disabled.
+
+ It could also offer to refuse usernames in URLs (see TODO 1.1)
+
 1.27 hardcode the "localhost" addresses
 
  There's this new spec getting adopted that says "localhost" should always and