[www-international] <none> from Doug Knoll on 2001-10-25 (www-international@w3.org from October to December 2001)

From: Doug Knoll <doug.knoll@welocalize.com>
Date: Thu, 25 Oct 2001 11:08:18 -0400
To: <www-international@w3.org>
Message-ID: <004001c15d66$e16f0000$7064a8c0@frederick.welocalize.com>

I hope this is an appropriate question for www-international. It concerns
the behavior of HHTP authentication in a multilingual environment.
We have a product that basically sits at the firewall and monitors http
traffic passively. One of the things we need to be able to do on occasion is
authenticate someone. To do that, we send an HTTP authentication request to
the browser, causing the client to enter a username and password. We use
that username to look up that particular user.
This is a multilingual system, which uses Unicode internally. The problem
is, how to convert the username we get back into Unicode?
It seems that the authentication data sent from the browser in response to a
server request is supplied in the platform codepage of the system that the
browser is running on.

In other words, on Japanese windows, the username comes back in cp932, on a
french windows machine, the username comes back in cp1252, on a Solaris
machine, it comes back in whatever the platform encoding is set to.

What is the best way to determine the encoding of the username string, given
that the server is intended to support a multilingual userbase?

Some thoughts:

I know that it is possible to attempt to detect the encoding of a string
through some heuristics. In particular, usernames are a tighter domain than
strings in general, so in theory it would be possible to attempt to
autodetect the encoding. Unfortunately, given the small size of the sample,
it probably isn't possible to reliably differentiate between things like
EUC-JP and cp932. (Yes, the client might be running a browser on a unix box)

Is it possible to query the browser and discover the platform it is running
on? We could insert a page that redirected to the intended target page, if
it was possible to embed code that performed such a detection. If we could
get back information on the platform or the locale that the browser was
running on, that would be ideal.

I'm sure people have built global systems before that used HTTP
authentication. Anyone have a nice solution for this?

Thanks for any advice.

Doug Knoll



Douglas Knoll
Welocalize.com

Received on Thursday, 25 October 2001 11:10:46 UTC