Cart
[Home] [By Thread] [By Date] [Recent Entries]
Great link Petite ! Finally someone put words to my vague opinions. As for Basic Authentication base64 ... Why the shock ? The specs clearly state base64 is not intended for "encryption" ... And the facts (IMHO) is that Basic Authentication is no more or less secure then entering user & password in form fields. What shocks *me* is that the intent of base64 is stated to allow more characters then HTTP headers allow but then due to the lack of encoding/charset specification allows precious few. A lot of work for almost nothing. A simple insertion of the text "UTF8 encoded prior to base64" would have nailed it. -David ---------------------------------------- David A. Lee dlee@c... http://www.xmlsh.org -----Original Message----- From: Petite Abeille [mailto:petite.abeille@g...] Sent: Sunday, January 29, 2012 6:31 PM To: xml-dev Subject: Re: RE: Encoding charset of HTTP Basic Authentication On Jan 29, 2012, at 11:15 PM, Pete Cordell wrote: > Holy s*** you're right. Hyperventilating? :P Take a deep breath and go back on reading about this interesting topic: http://iang.org/ssl/wytm.html To bring this back closer to home... how does one represent a form feed in XML 1.0?!?!? :D _______________________________________________________________________ XML-DEV is a publicly archived, unmoderated list hosted by OASIS to support XML implementation and development. To minimize spam in the archives, you must subscribe before posting. [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ Or unsubscribe: xml-dev-unsubscribe@l... subscribe: xml-dev-subscribe@l... List archive: http://lists.xml.org/archives/xml-dev/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
