hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24671] - Basic Authentification fails with non-ASCII username/password characters
Date Sat, 22 Nov 2003 23:19:11 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24671>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24671

Basic Authentification fails with non-ASCII username/password characters





------- Additional Comments From becke@u.washington.edu  2003-11-22 23:19 -------
Oleg,

I agree, setting a different charset for a single header is not good.  If we were to implement
this for 
real I think we would want a config option for all the headers.  The only question then would
be if 
we want to allow another different charset for for the username/password before they are 
digested/base64 encoded.

Though using charsets other than ASCII for user names/password does not jibe well with RFC

2616/17, there is no standard solution for handling these cases.  Is seems that different
vendors 
have made different choices for supporting non-ASCII values in credentials.  To be a good
client I 
think we need to be flexible in how we support authentication.

As for 2.0 do you think we should roll back the support for 8859-1 values in basic authentication?

Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message