RE: Escaping <\> in HTTP Digest (RFC 2617) from Henrik Nordstrom on 2007-03-25 (ietf-http-wg@w3.org from January to March 2007)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Sun, 25 Mar 2007 23:51:07 +0200
To: Eric Lawrence <ericlaw@exchange.microsoft.com>
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-Id: <1174859467.16825.21.camel@henriknordstrom.net>

fre 2007-03-23 klockan 13:24 -0700 skrev Eric Lawrence:
> I should clarify that IE removes the escaping before calculating the hash for each directive value.
> 
> Hence IE6 and IE7 behavior are the same in this regard, we still hash "redmond\ericlaw" when username is sent as "redmond\\ericlaw".

If I understand this correctly a server which wishes to interoperate
with IE6 need to be careful in how it dequotes the username-value, and
only remove \ infront of " or \

Regards
Henrik

Received on Sunday, 25 March 2007 21:51:10 UTC