Hi,
André Warnier wrote:
>> I've found a potential bug in the Basic Authentication module. I have
>> users and some user's username is contains national characters (encoded
>> in UTF-8). The HTTP header based authentication is fails when the
>> username or the password contains multibyte characters.
>>
>> The root of the bug is the Base64 decoder, which decodes the Base64
>> stream to char array: converts each byte to individual char, this decode
>> method corrupts the multibyte characters...
> Before declaring that this is a bug, I suggest that you read the other
> thread entitled "mod_jk codepage in header values".
I've read that.
> The main point is : according to the HTTP RFCs, a HTTP header value is
> supposed to contain /only/ US-ASCII characters. Some byte values in
> UTF-8 encoding are /not/ valid US-ASCII characters, so strictly speaking
> and according to the RFC, HTTP headers which would contain them are
> invalid. It's a pain, but it's (probably) not a bug.
Hmm... the Basic Authorization header like this:
Authorization: BASIC w7pzZXJfMDA3MjpqZWxzem8xMkFB
Where do you see non US-ASCII character in the header? :)
Gábor Auth
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
