On Apr 19, 2015, at 1:14 AM, Jens Alfke < email@hidden> wrote: On Apr 18, 2015, at 7:36 PM, Daryle Walker < email@hidden> wrote:
I don’t really get what these protection spaces are, and my tool’s model should have the username & password be applicable to any URL submitted, and therefore any potential protection space.
A stored credential is associated with a specific URL or domain or whatever — a protection space — to keep its sensitive data from being leaked to unrelated sites. Will I get into problems if I keep the callback as above?
It should be fine, although it seems suspect to have a username/password and blindly try to send them to every HTTP server you encounter. Generally you don’t want to send a password to another party except when you’re fairly sure it’s the party that owns the account.
The most likely scenario would be using these options while submitting a single URL, but I don’t feel like ending the program with an error if there are multiple URLs while using the username & password options. (If the list of URLs are from the same site, they actually could use the same credential!) Also, looking at NSURLProtectionSpace, creating a custom space is non-trivial; so it’s nice that it’s not needed here.
I just discovered that HTTP resources will use the credential object and ignore in-URL user-names and passwords, FTP resources are the other way! Maybe I’ll mutate submitted URLs to add the username and password if they don’t already have one.
— Daryle Walker
Mac, Internet, and Video Game Junkie
darylew AT mac DOT com
|