[Prev][Next][Index][Thread]

Non 8859/1 in Basic Auth



Are non Latin1 characters allowed in Basic Auth. The spec is a little 
ambigous - HTTP 1.1 defines 

       basic-credentials = "Basic" SP basic-cookie
       basic-cookie   = <base64 [7] encoding of user-pass,
                        except not limited to 76 char/line>
       user-pass   = userid ":" password
       userid      = *<TEXT excluding ":">
       password    = *TEXT

Userids might be case sensitive.

where TEXT is formally defined as any octet, but with a caveat.

" Words of
*TEXT may contain characters from character sets other than ISO 8859-1
[22] only when encoded according to the rules of RFC 1522 [14].

       TEXT           = <any OCTET except CTLs,
                        but including LWS>
"

SinceBasic Auth is uuencoded there is no good reason to restrict it.

regards
Tim


-------------------------------------
Tim Greenwood        Open Market Inc
617 679 0320         greenwd@openmarket.com


Follow-Ups: