If I visit the URL with the password embedded into it, for example http://user:pass@localhost, all links on the page will also have user:pass embedded into them. There's no way to disable that?
If you manually input that kind of url in the location field of your browser, that is the normal behavior. If you want to stop that behavior, login properly. Using your example, login using only
http://localhost as the url (with of course HFS running). You will be prompted for username and password and they won't show up in the url.
Reading the past few pages it seems you've been discussing that exact feature and you said it was optional. Or do you mean that the ability to disable it is what's to come?
Yes, that type of scenerio has been discussed, but rejetto didn't implement it. You didn't finish reading the thread. It would be an optional feature,
iF[/i] it was implemented.