DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24671>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24671 Basic Authentification fails with non-ASCII username/password characters [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Additional Comments From [EMAIL PROTECTED] 2003-11-17 21:38 ------- Mike, I set up Apache http server 2.0.48 on Win2K (Prof), enabled digest authentication for a directory, and created an user account with a password containing German umlauts. I hit the URL with Mozilla Firebird 0.7 and attempted to authenticate using the password. It did not work. I may know why. If the RFC 2617 is to be strictly adhered to, only ASCII characters in passwords should be allowed for basic & digest authentication RFC 2617, Section 2: Basic Authentication Scheme <quote> basic-credentials = base64-user-pass base64-user-pass = <base64 [4] encoding of user-pass, except not limited to 76 char/line> user-pass = userid ":" password userid = *<TEXT excluding ":"> password = *TEXT </quote> RFC 822 defines TEXT as <quote> text = <any CHAR, including bare ; => atoms, specials, CR & bare LF, but NOT ; comments and including CRLF> ; quoted-strings are ; NOT recognized. </quote> RFC 822 defines TEXT as <quote> ; ( Octal, Decimal.) CHAR = <any ASCII character> ; ( 0-177, 0.-127.) </quote> However, I do think that in this instance the spec is too restrictive and we should be using ISO-8859-1 instead of ASCII. So, I reopen the bug. Sorry for having closed it prematurely --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
