Daniel Shahaf wrote on Thu, Apr 26, 2012 at 18:36:54 +0300:
> Without reading the context: Philip Martin posted just this week with
> a detailed explanation of when non-ASCII passwords would (and wouldn't)
> work over http.
(The bottom line was that the input on the client must result in the
same bytes the server expects to see --- but the input on the client
depends on locale.
(Also, he didn't touch on that issue there, but I'm quite sure that the
infamous NFC/NFD issue applies here too; namely, é has two encodings in
UTF-8 and the client and server must agree on which one to use...))
>
> Nico Kadel-Garcia wrote on Thu, Apr 26, 2012 at 08:12:27 -0400:
> > On Thu, Apr 26, 2012 at 7:36 AM, Cooke, Mark <mark.cooke_at_siemens.com> wrote:
> >
> > > Hi Steve,
> > >
> > > Glad to have been useful (and to know it is not just me)!
> > >
> > > Unfortunately I have not managed to get to the bottom of how or why
> > > subversion <-> httpd is mangling the password and what (if anything)
> > > subversion (or neon or serf?) could change to fix this...
> > >
> > > ~ mark c
> > >
> > As I remember, not much. Passing non-ASCII characters through any kind of
> > password handling tool is a problem, for a lot of reasons.
Received on 2012-04-26 17:40:08 CEST