You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Rasmus Lerdorf <ra...@lerdorf.on.ca> on 1998/11/11 02:06:35 UTC
Strange auth bug
I am trying to track down a weird bug here. Just wondering if anybody has
run across something similar.
When I authenticate on a page using a user id of: tätär
and a password of: blah
IE sends an Authorization header which looks like this:
Basic dOR05HI6YmxhaA==
while Netscape sends:
Basic dOR0
What gives? Unless I missed something, this looks like a pretty basic
browser bug.
I am testing with Navigator 4.5 on Win98 and IE5.
-Rasmus
Re: Strange auth bug
Posted by Dean Gaudet <dg...@arctic.org>.
On Wed, 11 Nov 1998, Ben Laurie wrote:
> I'll wager Netscape are using a signed char in their base 64 encoder...
That's what I was going to suggest. If it's linked shared you could tweak
the isfoo() table (whatever it's called) so that it has entries 128..255
duplicated at -128..-1... might fix it.
Dean
Re: Strange auth bug
Posted by Ben Laurie <be...@algroup.co.uk>.
Rasmus Lerdorf wrote:
>
> I am trying to track down a weird bug here. Just wondering if anybody has
> run across something similar.
>
> When I authenticate on a page using a user id of: tätär
> and a password of: blah
>
> IE sends an Authorization header which looks like this:
>
> Basic dOR05HI6YmxhaA==
>
> while Netscape sends:
>
> Basic dOR0
>
> What gives? Unless I missed something, this looks like a pretty basic
> browser bug.
I'll wager Netscape are using a signed char in their base 64 encoder...
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
Re: Strange auth bug
Posted by Manoj Kasichainula <ma...@io.com>.
On Tue, Nov 10, 1998 at 08:06:35PM -0500, Rasmus Lerdorf wrote:
> When I authenticate on a page using a user id of: tätär
> and a password of: blah
[snip]
> while Netscape sends:
>
> Basic dOR0
Duplicated with Navigator 4.07 on Linux.
> What gives? Unless I missed something, this looks like a pretty basic
> browser bug.
Sure seems like it. This decodes into "tät". Looks like Netscape's
encoder choked after munching on one chunk of input with an 8-bit
character.
--
Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/
"Show me an Ethernet collision and I'll show you a network that could
do with one user fewer." -- BOFH