[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: RE: Encoding charset of HTTP Basic Authentication
My understanding is that Basic is essentially considered insecure. I'd be surprised if modern browsers support it because it opens the way to a man-in-the-middle downgrade attack. Hence I guess it's remained undefined for so long because even if it was fixed, nobody should use it. I would be surprised if the draft mentioned below got anywhere in the IETF. HTH, Pete Cordell Codalogic Ltd Interface XML to C++ the easy way using C++ XML data binding to convert XSD schemas to C++ classes. Visit http://codalogic.com/lmx/ or http://www.xml2cpp.com for more info ----- Original Message ----- From: "David Lee" <dlee@calldei.com> To: <xml-dev@lists.xml.org> Sent: Sunday, January 29, 2012 7:53 PM Subject: RE: Encoding charset of HTTP Basic Authentication > More study and I lucked on a spec > > > > http://tools.ietf.org/id/draft-reschke-basicauth-enc-00.html > > > > Seems a known and open problem (how long has this been in the wild ? How > did > it ever work ?) > > So follow-on question ... > > > > Does anyone know if this spec or anything like it has been adopted ? > > Or do we just all assume the world is "USASCII" as usual ? > > > > > > > > > > ---------------------------------------- > > David A. Lee > > dlee@calldei.com > > http://www.xmlsh.org > > > > From: David Lee [mailto:dlee@calldei.com] > Sent: Sunday, January 29, 2012 2:43 PM > To: xml-dev@lists.xml.org > Subject: Encoding charset of HTTP Basic Authentication > > > > I know this is not an "xml" question but maybe someone on this list knows > or > can point me to the right direction ? > > > > Is there a defined character set for the strings used in user/password in > HTTP Basic Authentication ? > I can't find any reference in the W3C specs > > > > http://www.w3.org/Protocols/HTTP/1.0/spec.html#BasicAA > > > > It says its "Base64" encoded but that only makes sense on a byte array not > a > string. > > So what encoding/charset is the string assumed to be ? > I found some apache software that lets you specify this ... but is there > any > 'standard' ? > > > > Example: if someone uses a password like "飯ç°è¥¿" > > > What charset should be used to pass that to the base64 encoding ? > > > > ---------------------------------------- > > David A. Lee > > dlee@calldei.com > > http://www.xmlsh.org > > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|