[Spice-devel] [PATCH spice-protocol] Add Spice URI Scheme document
Marc-André Lureau
marcandre.lureau at gmail.com
Tue Jan 8 12:40:47 UTC 2019
Hi
On Tue, Jan 8, 2019 at 4:24 PM Christophe Fergeau <cfergeau at redhat.com> wrote:
>
> On Wed, Dec 19, 2018 at 06:33:59PM +0400, marcandre.lureau at redhat.com wrote:
> > +URI Parameters
> > +--------------
> > +
> > +A description of host information and URI parameters is provided in
> > +this section. Information on the constraints of various data types is
> > +provided in Section "Data Types". All parameters are considered optional;
> > +however, a client will not be able to connect without sufficient
> > +information.
> > +
> > +A parameter without a specified default value indicates that no
> > +default value is implied by this URI scheme; however, Spice clients
> > +can apply implementation-dependent default behaviors otherwise
> > +consistent with this document.
> > +
> > +The <userinfo> value is deprecated and processed only in an
> > +implementation-specific manner. The <userinfo> component MUST NOT be
> > +generated in an environment where a client supporting an updated URI
> > +format is expected to be available.
>
> I don't think we should deprecate userinfo now, this is coming from the
Rationale? in spice-gtk there is a warning if you make use of it:
g_warning("password may be visible in process listings");
It has been there since:
commit f4d19b3427b8f27fe9bda94c6120379d79b13547
Author: Tiziano Mueller <dev-zero at gentoo.org>
Date: Tue Jan 18 19:53:07 2011 +0100
Use g_free instead of free in fail codepath as well.
Warn if password is provided in the uri.
> VNC URI document, but there they have VncUsername/VncPassword parameters
> which we don't have in the current SPEC.
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
--
Marc-André Lureau
More information about the Spice-devel
mailing list