cURL / Mailing Lists / curl-library / Single Mail


Re: Specifying colon in authentication username

From: David Shaw <>
Date: Fri, 7 Sep 2007 09:15:36 -0400

On Tue, Sep 04, 2007 at 10:15:32AM -0400, Achint Mehta wrote:
> Hi,
> I am using the 7.16.3 version of curl library.
> Curl library's C API provides interface for specifying authentication
> username and password.
> However, the username and password have to be provided in a single API with
> username and password separated with a colon.
> This assumes that the username would not contain colon.
> Is there any way that I can specify a username conatining a colon (or is it
> a violation of protocol) ?

I've seen the various responses to this mail, but I am a bit confused.
It seems that at least for basic auth, it would indeed be a violation
of the protocol to have a userid with a colon in it. The spec even
goes so far as to define things with the userid explicitly excluded:

      user-pass = userid ":" password
      userid = *<TEXT excluding ":">
      password = *TEXT

This grammar implies that there could be a password with a colon in it
for basic auth (since the first colon must be the delimiter in
user-pass), but not a userid.

Are you doing digest auth, rather than basic?

Received on 2007-09-07