
Re: Non 8859/1 in Basic Auth



I think what happened was that originally TEXT didn't allow encoding,
until it was pointed out that some TEXT fields returned messages that
might need to be non-ISO-8859-1. However, the use of TEXT in basic &
digest authentication for user name & password means that if you have
a non-ISO-8859-1 character string, you might wind up base64 encoding
it twice:

a) real userid base64 encoded using RFC1522
  e.g.,  =?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?=
b) userid:password base64 encoded in basic-cookie.

This is pretty unsatisfactory; also RFC1522 encoding has optional
variants, but probably there is no authentication client that would
accept any of them, much less multiple.

Since everyone is ready to trash basic authentication anyway ("Use
Digest Or Better"), perhaps it's not worth fixing it, but maybe it is
worth fixing for digest or its follow-ons.

Regards,

Larry
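
The double encoding described in the message above, as an added Python example that is not part of the original post: the userid is first wrapped as an RFC 1522 encoded-word, then userid:password is base64 encoded again as the basic-cookie. The sample userid, the password and all function names are constructed for illustration, and the password is assumed to be ASCII.

```python
import base64
from email.header import decode_header

CHARSET = "ISO-8859-2"               # charset of the constructed sample userid
SAMPLE_USERID = "\u017c\u00f3\u0142w"  # constructed sample, not from the post


def encoded_word(text, variant):
    """Step (a): wrap text as an RFC 1522 encoded-word, B or Q variant."""
    raw = text.encode(CHARSET)
    if variant == "B":
        body = base64.b64encode(raw).decode("ascii")
    else:
        # Q variant: keep ASCII letters and digits, hex-escape every other byte
        body = "".join(
            chr(b) if b < 128 and chr(b).isalnum() else "=%02X" % b for b in raw
        )
    return "=?%s?%s?%s?=" % (CHARSET, variant, body)


def basic_cookie(userid, password, variant):
    """Step (b): second base64 pass over userid:password."""
    pair = "%s:%s" % (encoded_word(userid, variant), password)
    return base64.b64encode(pair.encode("ascii")).decode("ascii")


def decode_userid(token):
    """Decode an encoded-word (either variant) or a plain ASCII userid."""
    return "".join(
        part.decode(cs or "ascii") if isinstance(part, bytes) else part
        for part, cs in decode_header(token)
    )


def parse_basic_cookie(cookie):
    """Server side: undo both layers, return (userid, password) as text."""
    pair = base64.b64decode(cookie).decode("ascii")
    token, password = pair.split(":", 1)  # neither variant leaves ':' in token
    return decode_userid(token), password


if __name__ == "__main__":
    for variant in ("B", "Q"):
        cookie = basic_cookie(SAMPLE_USERID, "s3cret", variant)
        print(variant, encoded_word(SAMPLE_USERID, variant), cookie,
              parse_basic_cookie(cookie))
```

The B and Q variants put different bytes on the wire for the same userid, so a server that compares the received userid string against a stored one without decoding both layers sees two different users.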

