OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Re: [xml-dev] RE: Encoding charset of HTTP Basic Authentication

On 2012-01-30 00:49, David Lee wrote:
> Great link Petite ! Finally someone put words to my vague opinions.
> As for Basic Authentication base64 ... Why the shock ?
> The specs clearly state  base64 is not intended for "encryption" ...
> And the facts (IMHO) is that Basic Authentication is no more or less secure
> then
> entering user&  password in form fields.
> What shocks *me* is that the intent of base64 is stated to allow more
> characters then HTTP headers allow but then due to the lack of
> encoding/charset specification allows precious few.
> A lot of work for almost nothing.  A simple insertion of the text "UTF8
> encoded prior to base64" would have nailed it.
> ...

If you actually had read the spec, you would know why that doesn't work.

Unless you mean: "back in 1997" (RFC 2068).

Best regards, Julian

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS