Discussion:
Apache mod_auth_form Module
(too old to reply)
d***@gmail.com
2018-11-07 22:44:59 UTC
Permalink
Re: https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

In the docs, I find the following as it related to Usernames and Passwords:

Note that form submission involves URLEncoding the form data: in this case the username and password. You should therefore pick usernames and passwords that avoid characters that are URLencoded in form submission, or you may get unexpected results.

Which characters are subject to URLEncoding? Is there a work-around?
Eli the Bearded
2018-11-07 23:53:35 UTC
Permalink
Post by d***@gmail.com
Re: https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
Note that form submission involves URLEncoding the form data: in this
case the username and password. You should therefore pick usernames and
passwords that avoid characters that are URLencoded in form submission,
or you may get unexpected results.
Which characters are subject to URLEncoding?
https://www.ietf.org/rfc/rfc1738.txt
Section 2.2 answers in the opposite direction:

Thus, only alphanumerics, the special characters "$-_.+!*'(),", and
reserved characters used for their reserved purposes may be used
unencoded within a URL.

For the purposes of RFC1738 "alphanumerics" means
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
(in ASCII). You needn't concern yourself with "what are the RFC1738
reserved characters?" because the reserved characters must be
encoded when not used for their reserved purposes, and usernames
and passwords are not ever reserved purposes.
Post by d***@gmail.com
Is there a work-around?
Handle login sessions in the http application ("cgi") instead of in the
http server ("apache").

The CGI layer can decode the URL encoding.

Elijah
------
thinks most people use accounts in the application
l***@gmail.com
2018-11-13 13:42:23 UTC
Permalink
Post by d***@gmail.com
Re: https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
Note that form submission involves URLEncoding the form data: in this case the username and password. You should therefore pick usernames and passwords that avoid characters that are URLencoded in form submission, or you may get unexpected results.
Which characters are subject to URLEncoding? Is there a work-around?
Re: https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
Note that form submission involves URLEncoding the form data: in this case the username and password. You should therefore pick usernames and passwords that avoid characters that are URLencoded in form submission, or you may get unexpected results.
Which characters are subject to URLEncoding?
Loading...