W3C home > Mailing lists > Public > www-archive@w3.org > February 2014

HTTP Authentication encoding test results

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Fri, 14 Feb 2014 16:18:19 +0100
To: http-auth@ietf.org
Message-ID: <c5csf91be8nro9bet60um78injck0bul5i@hive.bjoern.hoehrmann.de>

  On the German Apache HTTPD users mailing list someone was having
difficulties using non-ascii characters in HTTP Basic Authentication
and posted these test results,

  Password: "E€D$P§äöü123"
  Hex: "45,E2,82,AC,44,24,50,C2,A7,C3,A4,C3,B6,C3,BC,31,32,33"
  Password: "Eâ?¬D$P§äöü123"
  Hex: "45,C3,A2,C2,82,C2,AC,44,24,50,C3,82,C2,A7,C3,83,C2,A4,C3,83,C2,B6,C3,83,C2,BC,31,32,33"
  Internet Explorer
  Password: "E?D$P§äöü123"
  Hex: "45,C2,80,44,24,50,C2,A7,C3,A4,C3,B6,C3,BC,31,32,33"
  Password: "E¬D$P§äöü123"
  Hex: "45,C2,AC,44,24,50,C2,A7,C3,A4,C3,B6,C3,BC,31,32,33"

I analysed these samples and TortoiseSVN does just plain UTF-8, Chrome
does double-UTF-8, and IE and Firefox first apply Windows-1252 and then
UTF-8 on the result. I do recall Firefox doing something worse but could
not find the bug report when I briefly looked for it...
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Friday, 14 February 2014 15:18:45 UTC

This archive was generated by hypermail 2.3.1 : Friday, 14 February 2014 15:18:46 UTC