[
https://issues.jboss.org/browse/WFLY-6823?page=com.atlassian.jira.plugin....
]
Jan Kalina edited comment on WFLY-6823 at 10/16/17 7:35 AM:
------------------------------------------------------------
Source for reference:
https://github.com/undertow-io/undertow/blob/7a2a32d7d47ca584566b3f7d05a1...
-Need to note, when passwords are stored in hashes on the server, there would have to be
stored hash for every supported encoding.-
-Just note, in Undertow (EAP) is this supported only by BASIC mechanism - not by DIGEST
mechanism, so this would be new feature.-
Edit: sorry, I have overlooked this is aimed to BASIC - for that one this is possible
was (Author: honza889):
Source for reference:
https://github.com/undertow-io/undertow/blob/7a2a32d7d47ca584566b3f7d05a1...
Need to note, when passwords are stored in hashes on the server, there would have to be
stored hash for every supported encoding.
Just note, in Undertow (EAP) is this supported only by BASIC mechanism - not by DIGEST
mechanism, so this would be new feature.
Doesn't work using non-ASCII chars for username and/or password
for BASIC authentication.
-----------------------------------------------------------------------------------------
Key: WFLY-6823
URL:
https://issues.jboss.org/browse/WFLY-6823
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Hynek Švábek
Doesn't work using non-ASCII chars for username and/or password for BASIC
authentication.
We noticed it when we looked on JIra issue
https://issues.jboss.org/browse/JBEAP-3603.
We JBoss EAP 7 expects encoded UTF-8 strings in code. But we didn't find any
information about it in specification.
It works with Chrome and Opera, but it doesn't work with Firefox.
Since there is no documentation for this username/password limitation it can affect
customers who want to use non-ASCII credentials.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)