http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24671

Basic Authentification fails with non-ASCII username/password characters

------- Additional Comments From [EMAIL PROTECTED] 2003-11-22 21:40 -------

Well, I've spent a lot more time working on this than I would have thought. It seems there may not be a good, universal solution for this problem. Originally I was thinking that we should just switch over to 8859-1 for digest user names and passwords, like we did for basic authentication. After some more researching and testing it seems that this may not be the correct answer.

To test this problem I'm using Apache HTTPD 2.0.40. I tried using Tomcat, but was unable to get it working with Digest. It seems that Apache uses UTF-8 to encode the user name and password. Not only does this mean that UTF-8 must be used when calculating the digest, it also means that the Authorization header must be sent as UTF-8. This is due to the fact that the digest username is sent as a header parameter. When using Basic authentication I was unable to use non-ASCII characters with Apache.

I found the following two threads that discuss the problem with non-ASCII charsets and HTTP authentication; unfortunately neither of them seems to come to a complete conclusion:

<http://lists.w3.org/Archives/Public/ietf-http-wg-old/1998SepDec/0040.html>
<http://lists.w3.org/Archives/Public/ietf-http-wg/2003AprJun/0002.html>

I will attach shortly two patches that I used to test this problem, one for UTF-8 and the other for ISO-8859-1. Unless we can come up with a better solution for this I suggest that we stick to ASCII for 2.0 and add a configuration item for 2.1 that determines the charset to use for authentication.

What does everyone think?

Mike
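The charset dependence described in the comment above, as an added example that is not part of the original message or the project's code: it computes the Basic header value and the RFC 2617 Digest HA1 under ISO-8859-1 and UTF-8 and reports whether the two sides would disagree. The credentials, realm and function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample credentials and realm (not taken from the bug report).
USER, PASSWORD, REALM = "jörg", "pässwörd", "test realm"


def basic_header(user, password, charset):
    """Basic credentials: base64 over the bytes of 'user:password'."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def digest_ha1(user, realm, password, charset):
    """RFC 2617 HA1 = MD5(username ':' realm ':' password), over encoded bytes."""
    raw = f"{user}:{realm}:{password}".encode(charset)
    return hashlib.md5(raw).hexdigest()


def representable(text, charset):
    """False when the charset cannot encode the text at all."""
    try:
        text.encode(charset)
        return True
    except UnicodeEncodeError:
        return False


def charset_sensitive(user, password, realm=REALM):
    """True if an ISO-8859-1 client and a UTF-8 server (or the reverse)
    would compute different credentials for the same user and password."""
    if not (representable(user, "iso-8859-1")
            and representable(password, "iso-8859-1")):
        return True  # one side cannot even encode the credentials
    basic_differs = (basic_header(user, password, "iso-8859-1")
                     != basic_header(user, password, "utf-8"))
    ha1_differs = (digest_ha1(user, realm, password, "iso-8859-1")
                   != digest_ha1(user, realm, password, "utf-8"))
    return basic_differs or ha1_differs


if __name__ == "__main__":
    for cs in ("iso-8859-1", "utf-8"):
        print(cs, basic_header(USER, PASSWORD, cs),
              digest_ha1(USER, REALM, PASSWORD, cs))
    print("ASCII-only mismatch:", charset_sensitive("mike", "secret"))
    print("non-ASCII mismatch:", charset_sensitive(USER, PASSWORD))
```
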