Skip to content

What characters should be allowed in HTTP Basic Authentication userid and password

twitter logo github logo ・1 min read  

Based on this RFC2617 Specification, HTTP Basic Authentication userid can contain any TEXT excluding the symbol :. The password can contain any TEXT. Are these the only rules for Basic Authentication usernames and passwords?

twitter logo DISCUSS (1)
markdown guide

As far as I know there are no other restrictions on HTTP level. But there can be restrictions in the user/password database where you register the username and the password. For example, if you use htpasswd as the database, it has a separate section regarding restrictions

Classic DEV Post from Nov 12 '19

Feeling excluded and sad for not getting positive feedback - How should I react?

Ethan Arrowood profile image
Microsoft Software Engineer by day, JavaScript/TypeScript/Node.js open source contributor by night.

Sore eyes? now has dark mode.

Go to the "misc" section of your settings and select night theme ❀️