W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

RE: Escaping <\> in HTTP Digest (RFC 2617)

From: Scott Lawrence <scott@skrb.org>
Date: Fri, 23 Mar 2007 23:34:05 +0100
To: Eric Lawrence <ericlaw@exchange.microsoft.com>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <1174689245.3479.17.camel@localhost.localdomain>

On Fri, 2007-03-23 at 11:59 -0700, Eric Lawrence wrote:
> IE7 uses WDigest.dll, which escapes the \ into \\.
> IE6 and previous versions relied on Digest.dll, which did not escape the \.

Why does it do that?  The spec doesn't say anything about escaping
inputs to the hash...

> 
> 
> -----Original Message-----
> From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Alexey Melnikov
> Sent: Saturday, March 17, 2007 2:44 PM
> To: ietf-http-wg@w3.org
> Subject: Escaping <\> in HTTP Digest (RFC 2617)
> 
> 
> Hi,
> I would like to get some feedback on what HTTP Digest implementations do
> with '\' in username/realm/password. For example, if I have a username
> 'example.com\user1', do implementations hash 'example.com\\user1' (i.e.
> the \ is escaped with another \), or just 'example.com\user1' (single
> slash).
> 
> Thanks,
> Alexey
> 
> 
> 
> 
> 
Received on Friday, 23 March 2007 22:33:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:00 GMT