DEV Community

Ethan Arrowood
Ethan Arrowood

Posted on

What characters should be allowed in HTTP Basic Authentication userid and password

Based on this RFC2617 Specification, HTTP Basic Authentication userid can contain any TEXT excluding the symbol :. The password can contain any TEXT. Are these the only rules for Basic Authentication usernames and passwords?

Top comments (1)

Collapse
 
orkon profile image
Alex Rudenko

As far as I know there are no other restrictions on HTTP level. But there can be restrictions in the user/password database where you register the username and the password. For example, if you use htpasswd as the database, it has a separate section regarding restrictions httpd.apache.org/docs/2.4/programs...