Is there a maximum length for a username or password which is sent to a web application through HTTP BASIC authentication? I looked through RFC2617 and couldn't find anything obvious, but was curious and wanted to make sure.
(This is all being done over SSL, so don't worry about security for my sake.)