SP2 IE6 does not contain KB834489 security changes?

[PhiL M.]

I just tested a private FTP service for a friend, and he sent me the URL
in this format:

ftp://username[email protected]

and to my surprise, there was no invalid syntax error message as
outlined by KB article 834489.

http://support.microsoft.com/?kbid=834489

Needless to say, login was successful.


Is this supposed to happen? Shouldn't I get the Invalid Syntax message
mentioned in the article?

Thanks.

 

[Robert Aldwinckle]

I just tested a private FTP service for a friend, and he sent me the URL
in this format:

ftp://username[email protected]

and to my surprise, there was no invalid syntax error message as
outlined by KB article 834489.

http://support.microsoft.com/?kbid=834489

Needless to say, login was successful.


Is this supposed to happen? Shouldn't I get the Invalid Syntax message
mentioned in the article?

Yes; No. The article is about an invalid extension to the http: syntax
which has been disabled for security reasons.

The RFC has always documented support for that syntax for FTP
URLs so there would be less justification to disable its support.
However, the same reasoning applies to justify the discouragement
of that syntax even for FTP use.

<title>KB135975 - How to Enter FTP Site Password in Internet Explorer</title>

Thanks.

HTH

Robert Aldwinckle
---