Based on this RFC2617 Specification, HTTP Basic Authentication userid can contain any TEXT excluding the symbol :. The password can contain any TEXT. Are these the only rules for Basic Authentication usernames and passwords?
Ethan Arrowood
Posted on
What characters should be allowed in HTTP Basic Authentication userid and password
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
As far as I know there are no other restrictions on HTTP level. But there can be restrictions in the user/password database where you register the username and the password. For example, if you use htpasswd as the database, it has a separate section regarding restrictions httpd.apache.org/docs/2.4/programs...