[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Re: [xml-dev] RE: Encoding charset of HTTP Basic Authentication
- From: Julian Reschke <julian.reschke@gmx.de>
- To: David Lee <dlee@calldei.com>
- Date: Mon, 30 Jan 2012 23:55:30 +0100
On 2012-01-30 00:49, David Lee wrote:
> Great link Petite ! Finally someone put words to my vague opinions.
> As for Basic Authentication base64 ... Why the shock ?
> The specs clearly state base64 is not intended for "encryption" ...
>
> And the facts (IMHO) is that Basic Authentication is no more or less secure
> then
> entering user& password in form fields.
>
> What shocks *me* is that the intent of base64 is stated to allow more
> characters then HTTP headers allow but then due to the lack of
> encoding/charset specification allows precious few.
> A lot of work for almost nothing. A simple insertion of the text "UTF8
> encoded prior to base64" would have nailed it.
> ...
If you actually had read the spec, you would know why that doesn't work.
Unless you mean: "back in 1997" (RFC 2068).
Best regards, Julian
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
