W3C home > Mailing lists > Public > www-international@w3.org > July to September 1996

Non 8859/1 in Basic Auth

From: Tim Greenwood <greenwood@OpenMarket.com>
Date: Fri, 13 Sep 1996 15:30:51 +0000
Message-Id: <199609131928.PAA03832@mail.openmarket.com>
To: www-international@w3.org
Are non Latin1 characters allowed in Basic Auth. The spec is a little 
ambigous - HTTP 1.1 defines 

       basic-credentials = "Basic" SP basic-cookie
       basic-cookie   = <base64 [7] encoding of user-pass,
                        except not limited to 76 char/line>
       user-pass   = userid ":" password
       userid      = *<TEXT excluding ":">
       password    = *TEXT

Userids might be case sensitive.

where TEXT is formally defined as any octet, but with a caveat.

" Words of
*TEXT may contain characters from character sets other than ISO 8859-1
[22] only when encoded according to the rules of RFC 1522 [14].

       TEXT           = <any OCTET except CTLs,
                        but including LWS>
"

SinceBasic Auth is uuencoded there is no good reason to restrict it.

regards
Tim


-------------------------------------
Tim Greenwood        Open Market Inc
617 679 0320         greenwd@openmarket.com
Received on Friday, 13 September 1996 15:28:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:16:45 GMT