[erlang-patches] problem with ":" in http passwords
David Welton
davidw@REDACTED
Wed May 19 14:05:50 CEST 2010
>> I was trying to do something along the lines of
>>
>> http:request("http://foo:bar:bee:bop@dedasys.com"), where, in theory,
>> 'foo' is the username, and the rest is a password, but that causes
>> problems - try it for yourself and see what sort of headers it
>> generates.
>
> Looking at RFC 1738:
>
> The user name (and password), if present, are followed by a commercial
> at-sign "@". Within the user and password field, any ":", "@", or "/"
> must be encoded.
>
> See: http://www.faqs.org/rfcs/rfc1738.html
>
> Maybe try:
>
> edoc_lib:escape_uri("my:pass").
Aha - I suspected as much, but I looked at the wrong RFC, I guess. A
quick experiment shows that the service I'm trying to talk with
(twitter's streaming API) does not like it if I encode the entire
password, but does accept encoded ':' characters (as per the RFC, I
suppose). It also accepts it unencoded. So the proper fix here will
encode :, @ and / and nothing else. It'll probably take me a bit to
get to that.
Thanks,
--
David N. Welton
http://www.welton.it/davidw/
http://www.dedasys.com/
More information about the erlang-patches
mailing list