David,

On 4/12/2011 12:02 PM, David kerber wrote:
> On 4/12/2011 11:52 AM, Christopher Schultz wrote:
>>
>> Why would you think that "&" would be some kind of verboten character
>> for a password?
> 
> Because of its uses in windows as a special character (triggering the
> underline), and in browsers for marking request parameters.  I would be
> glad to be wrong, though...

Windows filename restrictions have nothing to do with request parameters.

Query string parameters have a very specific way to encode characters
that would otherwise interfere with the query string. Otherwise, it
would not be possible to pass & and ? and = as any request parameter.

The fact that the <form> <input> is a "password" makes no difference in
how parameters are passed from the client to the server.

In any event, the OP was talking about the manager app which is
configured by default to use HTTP BASIC authentication, which doesn't
use request parameters at all: it uses request headers, and a specific
way of safely passing both the username and the password to the server
which avoids any problems with the content of those values.

-chris
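
The two encodings described in the message above, shown from both the client and the server side as an added example (not part of the original post and not Tomcat's code). The field names `username` and `password`, the sample credentials, and the UTF-8 charset for BASIC are assumptions made for illustration.

```python
import base64
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials; the password holds the characters the thread asks about.
USER = "admin"
PASSWORD = "p&ss?w=rd:1 +%"


def form_body(user, password):
    """Client side: build an application/x-www-form-urlencoded body."""
    return urlencode({"username": user, "password": password})


def parse_form(body):
    """Server side: split on & and =, then percent-decode each value."""
    fields = parse_qs(body, keep_blank_values=True, strict_parsing=True)
    return fields["username"][0], fields["password"][0]


def naive_body(user, password):
    """Unencoded concatenation: the raw & ends the password value early."""
    return "username=" + user + "&password=" + password


def basic_header(user, password):
    """Client side: HTTP BASIC sends base64(user:password) in a header."""
    if ":" in user:
        raise ValueError("user-id must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic(header):
    """Server side: decode, then split on the FIRST colon only."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


if __name__ == "__main__":
    print(form_body(USER, PASSWORD))
    print(parse_form(form_body(USER, PASSWORD)))
    print(parse_qs(naive_body(USER, PASSWORD)))
    print(parse_basic(basic_header(USER, PASSWORD)))
```

Only the hand-concatenated body loses data: the server sees the password as `p`. The colon inside the password survives BASIC because the split is on the first colon only.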
