- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Tue, 20 Mar 2007 12:15:33 +0100
- To: Alexey Melnikov <alexey.melnikov@isode.com>
- Cc: ietf-http-wg@w3.org
Received on Tuesday, 20 March 2007 11:15:36 UTC
lör 2007-03-17 klockan 21:43 +0000 skrev Alexey Melnikov:
> Hi,
> I would like to get some feedback on what HTTP Digest implementations do
> with '\' in username/realm/password. For example, if I have a username
> 'example.com\user1', do implementations hash 'example.com\\user1' (i.e.
> the \ is escaped with another \), or just 'example.com\user1' (single
> slash).
The implementation in Squid takes the RFC literal and just removes the
quotes, hashing the escaped string as-is.
2617 3.2.1 definition of algorithm
The
notation unq(X) means the value of the quoted-string X without the
surrounding quotes.
2616 2.2 definition of quoted-string
quoted-string = ( <"> *(qdtext | quoted-pair ) <"> )
qdtext = <any TEXT except <">>
quoted-pair = "\" CHAR
Which reminds me... the above definition isn't good..
Regards
Henrik
Received on Tuesday, 20 March 2007 11:15:36 UTC