6.17. Accessing Credentials Embedded in URLs

. Problem

You know people access your site using URLs with embedded credentials, such as http://user:password@host/, and you want to extract them from the URL for validation or other purposes.

. Solution

None; this is a nonissue that is often misunderstood.

. Discussion

For nonproxy requests, this doesn't even exist; the browser dissects the URL and turns it into the appropriate request header fields (i.e., WWW-Authenticate). For proxy requests, who knows?