Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 38473 invoked from network); 24 Aug 2010 06:09:35 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 24 Aug 2010 06:09:35 -0000 Received: (qmail 83233 invoked by uid 500); 24 Aug 2010 06:09:35 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 82246 invoked by uid 500); 24 Aug 2010 06:09:32 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 82236 invoked by uid 99); 24 Aug 2010 06:09:31 -0000 Received: from Unknown (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Aug 2010 06:09:31 +0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of nrstott@gmail.com designates 209.85.216.173 as permitted sender) Received: from [209.85.216.173] (HELO mail-qy0-f173.google.com) (209.85.216.173) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Aug 2010 06:09:09 +0000 Received: by qyk5 with SMTP id 5so3665749qyk.11 for ; Mon, 23 Aug 2010 23:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=hj/PbhDmDFH3REi6367HjJ89WC9TZc1lNrRXjlgIJtQ=; b=boMTijZvlqQJXL7/OAyN6xtV+AbXvN8EL+ixKK9eryb38KwlEtBMJ73a3z/efg2CCk gYmc1zD8kFxmT2RggEuehKHIp8ln1mD6LT4PgI/qTdDmBeKlwMS8VaU7IAKfHBge5aCW UTt8Uaa3PjW2bYc9GeXRNXHhi/OK0Zs/xEiPY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=m8LsKInhSG6N7KXr/yMzt4OKHBqVJoJxq0NDXsbLJsz63JMa9sWenD2zSZ1InA7pgQ l52oafCNZy1MlFnHJdRrvwWYHJ9c07HpN42ZHID4JBiCIOrAPvAAWM3dj+hoGQlNlDA7 l2XhlK+rillvp85jPSefU32d8gh9wps3PgquA= MIME-Version: 1.0 Received: by 10.229.88.15 with SMTP id y15mr4417273qcl.39.1282630128388; Mon, 23 Aug 2010 23:08:48 -0700 (PDT) Received: by 10.229.223.202 with HTTP; Mon, 23 Aug 2010 23:08:47 -0700 (PDT) In-Reply-To: References: Date: Tue, 24 Aug 2010 01:08:47 -0500 Message-ID: Subject: Re: Bug in Password From: Nathan Stott To: dev@couchdb.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org You can reproduce it easily using curl or a web browser. If your username has an @ in it, you can't use URL authentication successfully even if you url encode the username. On Tue, Aug 24, 2010 at 12:49 AM, Benoit Chesneau wro= te: > On Tue, Aug 24, 2010 at 6:26 AM, Martin Murphy > wrote: >> Couchdb does not properly url decode usernames and passwords in the url. >> >> This prevents the majority of non ASCII characters from being used in ei= ther >> the username and password . =A0 =A0This is a pretty high priority bug im= o. >> >> It prevents couchapp for working on complex passwords and there are no >> alternatives using complex passwords for replication. >> >> It also prevents the very common scenario of using email addresses for >> logins/usernames. =A0(If the logins are to be used with replication). >> >> Thanks for everything. =A0Wish my erlang were better, I would fix this m= yself. >> > > Mmm it is the role oof the client to decode url/password from the url > and pass the right headers to servers. Which client are you using ? > > - benoit >