[ietf-nntp] AUTHINFO draft 01
Clive D.W. Feather
clive at demon.net
Mon Jul 5 02:23:06 PDT 2004
Russ Allbery said:
>> I've finally got round to reading this. I think it's mostly fine, but
>> have a few points.
>
>> 2.1.2 last para: if you change the syntax to
>> AUTHINFO USER username...
>> AUTHINFO PASS password...
>
>> then the white-space problem mostly goes away, because:
>
>> AUTHINFO USER fred flintstone
>> AUTHINFO PASS very secret
>
>> becomes legal.
>
> The only worry here is that many servers split on whitespace before doing
> anything else, and then wouldn't be able to distinguish between:
>
> AUTHINFO USER fred flintstone
> AUTHINFO USER fred flintstone
True. We don't actually say in [NNTP] that different amounts of white space
are to be treated the same, but that's what everyone does.
> That being said, I have no objections to making the above change; I still
> wouldn't encourage people to use whitespace, though, given that it isn't
> always going to work unless the server handles AUTHINFO specially.
Well, if the change is made, all that's needed is a piece of text something
like:
Because the exact amount of white space in a command is normally
ignored by the server, clients SHOULD always use a single space
between the arguments that make up the user name and password; this
implies, in particular, that passwords SHOULD NOT contain TABs or
adjacent spaces.
>> 2.2.1: we discussed briefly a separate response code meaning "invalid
>> base64 string". The logical code for this is 504 (it belongs in the 50x
>> space and this is the next unused code). There's still time to put that
>> in [NNTP], incidentally.
> I have no objections to this. It seems like a reasonable idea.
Done.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | Fax: +44 870 051 9937
Demon Internet | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc | |
More information about the ietf-nntp
mailing list