Auth Gábor wrote:
Hi,
I've found a potential bug in the Basic Authentication module. I have users
and some user's username is contains national characters (encoded in UTF-8).
The HTTP header based authentication is fails when the username or the
password contains multibyte characters.
The root of the bug is the Base64 decoder, which decodes the Base64 stream to
char array: converts each byte to individual char, this decode method corrupts
the multibyte characters...
Hi.
Before declaring that this is a bug, I suggest that you read the other
thread entitled "mod_jk codepage in header values".
The main point is : according to the HTTP RFCs, a HTTP header value is
supposed to contain /only/ US-ASCII characters. Some byte values in
UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking
and according to the RFC, HTTP headers which would contain them are invalid.
It's a pain, but it's (probably) not a bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org