JSI Tip 7711. Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs.

Microsoft Knowledge Base Article 834489 contains the following summary:

A security update is available that removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax is no longer supported in Internet Explorer or in Windows Explorer after you install the MS04-004 Cumulative Security Update for Internet Explorer (832894):

http(s):// username : password @ server / resource . ext

This article is intended to notify you of this change in the default behavior of Internet Explorer. If you include user information in HTTP or HTTPS URLs, Microsoft recommends that you explore the workarounds that are described in this article before you install the 832894 security update. For additional information about the 832894 security update, visit the following Microsoft Web site:


For information about the versions of Internet Explorer and Microsoft Windows that are supported by these security updates, see the "Security Update Information" and the "Frequently Asked Questions" sections of the MS04-004 security bulletin.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.