More study and I lucked on a spec

http://tools.ietf.org/id/draft-reschke-basicauth-enc-00.html

Seems a known and open problem (how long has this been in the wild ? How did it ever work ?)

So follow-on question ...

Does anyone know if this spec or anything like it has been adopted ?

Or do we just all assume the world is "USASCII" as usual ?

I know this is not an "xml" question but maybe someone on this list knows or can point me to the right direction ?

Is there a defined character set for the strings used in user/password in HTTP Basic Authentication ?
I can't find any reference in the W3C specs

http://www.w3.org/Protocols/HTTP/1.0/spec.html#BasicAA

It says its "Base64" encoded but that only makes sense on a byte array not a string.

So what encoding/charset is the string assumed to be ?
I found some apache software that lets you specify this ... but is there any 'standard' ?

Example: if someone uses a   password like   "$BHSED@>(B"

What charset should be used to pass that to the base64 encoding ?

----------------------------------------

David A. Lee

dlee@c...

http://www.xmlsh.org