I found in Assembla's webhook tool the possibility to integrate with Twitter. To do this, Assembla uses a URL like this:

http://username:[email protected]/statuses/update.xml

How does Twitter handle that kind of URL? Is this some standard? Does it require some special logic to perform login when someone POSTs data to a URL with username:password? How can it be done in web frameworks like RoR or Django?

Is this type of passing authentication data secure? (looks like not but maybe I'm missing something)

A: 

It should be parsed as basic HTTP authentication.

Fredrik Leijon
+1  A: 

It's called Basic Authentication, supported by all the major browsers. It's also very insecure using HTTP. Here is a link to a Django implementation that adds Basic Auth to its security authentication chain. link

EDIT: Basic Auth is considered secure when using HTTPS but has other issues; it is the lowest common denominator when it comes to authentication but not ideal in a lot of situations.

ebt
A: 

It's part of the HTTP 1.0 spec. See www.w3.org/Protocols/HTTP/1.0/spec.html#BasicAA

In terms of how it can be handled on the server side, no matter what framework is used, the URL can be parsed to extract the username and password. In your Twitter URL example, you can see how it would be parsed by visiting:

http://urlparser.com/?linkFrom=so1&url=http%3A//username%[email protected]/statuses/update.xml

URLParser.com
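
An added example, not part of any answer above: HTTP clients that honor `username:password@` in a URL send the credentials as an `Authorization: Basic` header, which is base64-encoded rather than encrypted, so anyone who can read the plain-HTTP request can decode it. The sketch below shows the client-side conversion and a server-side parser with a constant-time check; the function names, the host `api.example.test` and the credentials are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import urlsplit, unquote

def request_from_url(url):
    """Client side: move URL userinfo into an Authorization header."""
    parts = urlsplit(url)
    headers = {"Host": parts.hostname}
    if parts.username is not None:
        userinfo = f"{unquote(parts.username)}:{unquote(parts.password or '')}"
        token = base64.b64encode(userinfo.encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    # Only the path goes on the request line; the userinfo is not sent there.
    return parts.path or "/", headers

def parse_basic_auth(header_value):
    """Server side: return (username, password), or None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password

def check_credentials(header_value, expected_user, expected_password):
    """Compare in constant time so response timing does not leak a prefix match."""
    creds = parse_basic_auth(header_value)
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pass_ok

if __name__ == "__main__":
    # Constructed sample URL with placeholder host and credentials.
    url = "http://alice:s3cret@api.example.test/statuses/update.xml"
    path, headers = request_from_url(url)
    print(path, headers)
    print(parse_basic_auth(headers["Authorization"]))
```

A real service would compare against a stored password hash rather than a plaintext password, and would accept this header only over HTTPS.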