RE: [xml-dev] RE: Encoding charset of HTTP Basic Authentication

["David Lee" <dlee@calldei.com>]

Great link Petite ! Finally someone put words to my vague opinions. 
As for Basic Authentication base64 ... Why the shock ? 
The specs clearly state  base64 is not intended for "encryption" ... 

And the facts (IMHO) is that Basic Authentication is no more or less secure
then
entering user & password in form fields.

What shocks *me* is that the intent of base64 is stated to allow more
characters then HTTP headers allow but then due to the lack of
encoding/charset specification allows precious few.
A lot of work for almost nothing.  A simple insertion of the text "UTF8
encoded prior to base64" would have nailed it.

-David




----------------------------------------
David A. Lee
dlee@calldei.com
http://www.xmlsh.org


-----Original Message-----
From: Petite Abeille [mailto:petite.abeille@gmail.com] 
Sent: Sunday, January 29, 2012 6:31 PM
To: xml-dev
Subject: Re: [xml-dev] RE: Encoding charset of HTTP Basic Authentication



On Jan 29, 2012, at 11:15 PM, Pete Cordell wrote:

> Holy s*** you're right. 

Hyperventilating? :P

Take a deep breath and go back on reading about this interesting topic:

http://iang.org/ssl/wytm.html

To bring this back closer to home... how does one represent a form feed in
XML 1.0?!?!? :D
_______________________________________________________________________

XML-DEV is a publicly archived, unmoderated list hosted by OASIS
to support XML implementation and development. To minimize
spam in the archives, you must subscribe before posting.

[Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
Or unsubscribe: xml-dev-unsubscribe@lists.xml.org
subscribe: xml-dev-subscribe@lists.xml.org
List archive: http://lists.xml.org/archives/xml-dev/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php