tags:

views:

17

answers:

1
Q: 

Is there a maximum length for a HTTP BASIC authentication username?

Is there a maximum length for a username or password which is sent to a web application through HTTP BASIC authentication? I looked through RFC2617 and couldn't find anything obvious, but was curious and wanted to make sure.

(This is all being done over SSL, so don't worry about security for my sake.)

+2  A: 

There's no spec-enforced limit on the auth token. However you may run into practical server-specific limits on HTTP headers in general, as outlined in this question.

bobince  2010-10-26 21:35:26

related questions

Basic HTTP Authentication on iPhone
Can I coerce Apache into not including a WWW-Authenticate header for failed HTTP Basic Auth?
How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?
Apache .htaccess password protect with relative path
HTTP Authentication Headers for IIS windows authentication
How can an Ajax callback realize that a user's authenticated session has timed out?
IIS as reverse proxy
Designing a web api: How to authenticate?
Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)
How do I secure authentication but not the payload?
HTTP Digest Authentication versus SSL
What should we implement to authorize clients to use our web service?
Handling http authenticated urls from elisp
Flex 3 - how to support HTTP Authentication URLRequest?
HTTP Basic Authentication with HTTPService Objects in Adobe Flex/AIR
How does wininet handle cookies
IIS7 and Authentication problems
Apache/.htaccess - password-protecting a domain but whitelisting certain URIs within it
Why is the http auth UI so poor in browsers?
WCF WebHttp Mixed Authentication (Basic AND Anonymous)
HTTP Authentication (Basic or Digest) in ASP Classic via IIS
Can I use HTTP Basic Authentication with Django?
Kerberos and T125 protocol
How can I supress the browser's authentication dialog?
GreaseMonkey script to auto login using HTTP authentication