W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

RE: Escaping <\> in HTTP Digest (RFC 2617)

From: Eric Lawrence <ericlaw@exchange.microsoft.com>
Date: Fri, 23 Mar 2007 13:24:38 -0700
To: Eric Lawrence <ericlaw@exchange.microsoft.com>, Alexey Melnikov <alexey.melnikov@isode.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <8301DE7F96C0074C8DA98484623D7E51135B508965@DF-MASTIFF-MSG.exchange.corp.microsoft.com>

I should clarify that IE removes the escaping before calculating the hash for each directive value.

Hence IE6 and IE7 behavior are the same in this regard, we still hash "redmond\ericlaw" when username is sent as "redmond\\ericlaw".

-Eric

-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Eric Lawrence
Sent: Friday, March 23, 2007 12:00 PM
To: Alexey Melnikov; ietf-http-wg@w3.org
Subject: RE: Escaping <\> in HTTP Digest (RFC 2617)


IE7 uses WDigest.dll, which escapes the \ into \\.
IE6 and previous versions relied on Digest.dll, which did not escape the \.

Thanks,

Eric Lawrence
Program Manager
Internet Explorer Networking


-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Alexey Melnikov
Sent: Saturday, March 17, 2007 2:44 PM
To: ietf-http-wg@w3.org
Subject: Escaping <\> in HTTP Digest (RFC 2617)


Hi,
I would like to get some feedback on what HTTP Digest implementations do
with '\' in username/realm/password. For example, if I have a username
'example.com\user1', do implementations hash 'example.com\\user1' (i.e.
the \ is escaped with another \), or just 'example.com\user1' (single
slash).

Thanks,
Alexey
Received on Friday, 23 March 2007 20:26:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:00 GMT