• From: Julian Reschke <julian.reschke@g...>
• To: David Lee <dlee@c...>
• Date: Mon, 30 Jan 2012 23:55:30 +0100

On 2012-01-30 00:49, David Lee wrote:
> Great link Petite ! Finally someone put words to my vague opinions.
> As for Basic Authentication base64 ... Why the shock ?
> The specs clearly state  base64 is not intended for "encryption" ...
>
> And the facts (IMHO) is that Basic Authentication is no more or less secure
> then
> entering user&  password in form fields.
>
> What shocks *me* is that the intent of base64 is stated to allow more
> characters then HTTP headers allow but then due to the lack of
> encoding/charset specification allows precious few.
> A lot of work for almost nothing.  A simple insertion of the text "UTF8
> encoded prior to base64" would have nailed it.
> ...

If you actually had read the spec, you would know why that doesn't work.

Unless you mean: "back in 1997" (RFC 2068).

Best regards, Julian

• Follow-Ups:
  • RE: RE: Encoding charset of HTTP Basic Authentication
    • From: "David Lee" <dlee@c...>

• References:
  • RE: Encoding charset of HTTP Basic Authentication
    • From: "David Lee" <dlee@c...>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@c...>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: Petite Abeille <petite.abeille@g...>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@c...>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: "Pete Cordell" <petexmldev@c...>
  • Re: RE: Encoding charset of HTTP Basic Authentication
    • From: Petite Abeille <petite.abeille@g...>
  • RE: RE: Encoding charset of HTTP Basic Authentication
    • From: "David Lee" <dlee@c...>