DEV Community

loading...

What characters should be allowed in HTTP Basic Authentication userid and password

ethanarrowood profile image Ethan Arrowood ・1 min read

Based on this RFC2617 Specification, HTTP Basic Authentication userid can contain any TEXT excluding the symbol :. The password can contain any TEXT. Are these the only rules for Basic Authentication usernames and passwords?

Discussion (1)

pic
Editor guide
Collapse
orkon profile image
Alex Rudenko

As far as I know there are no other restrictions on HTTP level. But there can be restrictions in the user/password database where you register the username and the password. For example, if you use htpasswd as the database, it has a separate section regarding restrictions httpd.apache.org/docs/2.4/programs...