On Mon, 12 May 2008 11:48:14 +0200, Christian Haselbach ch@mr-co.de wrote:
> I just stumbled upon an encoding problem with the authorization header. It cannot really handle UTF-8 encoded user names (or passwords), because base64:base64-string-to-string does not respect the used encoding.
> In my local instance, I fixed this by changing hunchentoot's authorization function as follows:
My understanding of the standard is that what you are doing is wrong. Basic authentication is described in RFC 2617 where it says that the "userid" and "password" parts must be "TEXT" and "TEXT" is defined in RFC 2616 as "any octet", /but/
"words of *TEXT may contain characters from character sets other than ISO-8859-1 only when encoded according to the rules of RFC 2047."
So, you'd have to add support for proper RFC 2047 parsing to make the function deal with this correctly. (And I'd say that that would probably be worth its own library, maybe based on FLEXI-STREAMS.)
> Or as patch:
BTW, note that your email program rendered the patch unusable.
Thanks, Edi.
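
The reading given in the reply above, as an added example that is not part of the original message or of Hunchentoot's code: the Basic credentials are handled as octets, decoded as ISO-8859-1 by default, and treated as another character set only when they arrive as RFC 2047 encoded-words. It is written in Python rather than Lisp; all function names are hypothetical and the sample credentials are constructed.

```python
import base64
import binascii
from email.errors import HeaderParseError
from email.header import decode_header


def split_basic_credentials(header_value):
    """Return (userid_octets, password_octets), or None if malformed."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not blob.strip():
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    userid, colon, password = raw.partition(b":")  # userid cannot contain ":"
    return (userid, password) if colon else None


def decode_text(octets):
    """Decode TEXT: ISO-8859-1 unless it carries RFC 2047 encoded-words."""
    latin1 = octets.decode("iso-8859-1")  # total: every octet maps to a char
    if "=?" not in latin1:
        return latin1
    try:
        return "".join(
            chunk.decode(charset or "iso-8859-1") if isinstance(chunk, bytes) else chunk
            for chunk, charset in decode_header(latin1)
        )
    except (HeaderParseError, LookupError, UnicodeDecodeError):
        return latin1  # not a valid encoded-word: keep the literal text


def make_header(userid, password, charset):
    """Build a constructed sample header the way a client using `charset` would."""
    raw = f"{userid}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def userid_seen_by_server(header_value):
    """Userid string the server ends up with, or None for a malformed header."""
    creds = split_basic_credentials(header_value)
    return None if creds is None else decode_text(creds[0])


if __name__ == "__main__":
    for label, hdr in [
        ("latin-1 client", make_header("J\u00fcrgen", "geheim", "iso-8859-1")),
        ("utf-8 client", make_header("J\u00fcrgen", "geheim", "utf-8")),
        ("RFC 2047 userid", make_header("=?utf-8?q?J=C3=BCrgen?=", "geheim", "ascii")),
    ]:
        print(f"{label:16} -> {userid_seen_by_server(hdr)!r}")
```

A client that sends raw UTF-8 octets yields a different userid string on the server than the one the user typed, so the credential lookup misses; whichever decoding a server chooses has to match the one used when the account was stored.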