Re: hno's auth_escape patch

===
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Cc: "Andrew Reid" <andrew.reid@plug.cx>; "Squid Developers"
<squid-dev@squid-cache.org>
Sent: Thursday, February 14, 2002 11:06 PM
Subject: Re: hno's auth_escape patch

> On Thursday 14 February 2002 07.43, Robert Collins wrote:
>
> > I like the url escaping. It's more flexible - in that it allows the
> > redirectors and basic auth helpers to use the same interface.
> > Digest is already escaped IIRC, and there is that old patch we
> > (you?) whipped up for basic.
>
> Only issue I have with URL escaping is that it is escaping. The basic
> credentials are not escaped.
>
> If we use URL escaping, then each helper needs to have code for
> decoding URL escapes. If we use the Basic credentials as is, then the
> only change needed in the helpers are to use : as field separator. A
> simple task in all languages.

We have RFC19 whatever escaping code in libmisc already - no new code is
needed for helpers, just a new library and one function call.

> Note: my posting was a bit unclear. What I meant is to use the
> user-pass format of RFC2617, not the raw base64-user-pass header
> value.

Ok, gotcha now.

> The redirector interface is different. For one thing it is not
> dependent on the auth scheme.

True. The issues with spaces are constant though - which is why I'm
suggesting using the url escaped string here.

Rob
Received on Thu Feb 14 2002 - 05:33:32 MST