Based on this RFC2617 Specification, HTTP Basic Authentication userid
can contain any TEXT
excluding the symbol :
. The password
can contain any TEXT
. Are these the only rules for Basic Authentication usernames and passwords?
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
As far as I know there are no other restrictions on HTTP level. But there can be restrictions in the user/password database where you register the username and the password. For example, if you use htpasswd as the database, it has a separate section regarding restrictions httpd.apache.org/docs/2.4/programs...