Authentication fails with special symbol in password
I cannot authenticate against a baikal server when there is a EURO-Sign ‘€’ in the password. The Davdroid clients pops-up with “401 unauthenticated”.
This could be the surface of other ‘unsuitable’ special chars in the password?
Davdroid 0.6.1 from f-droid.
Maybe it’s because of the encoding of the € sign? »The “Basic” authentication scheme defined in RFC 2617 does not properly define how to treat non-ASCII characters. This has lead to a situation where user agent implementations disagree, and servers make different assumptions based on the locales they are running in. There is little interoperability for characters in the ISO-8859-1 character set, and even less interoperability for any characters beyond that.«
Which encoding does your server use and which one do you expect?
For these reasons, I recommend to use only ASCII characters - it’s safe enough (a long alphanumeric password with maybe ASCII special characters won’t be cracked that easily).
wow, thanks for that quick reply, and yes you’re absolutely right: it’s an encoding issue.
The authors of the server implementation (http://sabre.io/dav/authentication/) write
Encoding issues Avoid non-ascii characters for passwords. We've noticed that different clients may use different encodings for passwords (windows may use CP-1252 and others UTF-8), so each results in a different password string.
And indeed, firefox, thunderbird and chrome use utf-8 before md5’in the password. And that is, what the server expects, btw. Although this is no longer a real bug to me (due to the ‘known limitations’), for future use you may either parse the ‘Accept-Charset: utf-8,*;q=0.1\r\n’ that the server sends, or make a configuration option ‘treat username & password as utf-8’. How are people with non-western characters using your great app?
Android’s default charset is UTF-8, so this should work. However, because it’s not clearly defined how to deal with non-ASCII passwords, I’d close this issue with your permission because I think investigating this wouldn’t bring useful results.
How are people with non-western characters using your great app?
Correct me if I’m wrong, but usally those people/systems have Latin characters as well (otherwise, they couldn’t even enter an URL or something like that).