为什么Base64在基本身份验证中 [英] Why Base64 in Basic Authentication

查看:117
本文介绍了为什么Base64在基本身份验证中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

为什么在Authorization头文件中使用Base64编码username:password的结果字符串字面值?它的背景是什么?

解决方案

这是

 <$   的生产规则 userid-password = [token]:* TEXT 

这里 token 指定如下:

  token = 1 *<除CTL或tspecials外的任何CHAR> 

这基本上是任何US-ASCII字符,其范围为32到126,但不包含一些特殊字符(,< > @ ; \ / [] = {} ,空格和水平制表符)。

TEXT 指定如下:

  TEXT =<除CTL外的任何OCT,
但包括LWS>

这基本上都是八位字节(0-25 5)序列,除了控制字符(代码点0-31,127),但序列,它可以是一个或多个空格或水平制表符,它们可能位于前面通过CRLF序列:

  LWS = [CRLF] 1 *(SP | HT)

虽然这不会破坏标题字段值,但 LWS 与单个空格具有相同的语义


所有线性
空白(包括折叠)与SP具有相同的语义。

为了保持这样的序列,字符串在作为字段值放置之前进行编码。


why has the resulting string literal of "username:password" be encoded with Base64 in the Authorization header? Whats the background of it?

解决方案

This is the production rule for the userid-password tuple before it’s encoded:

userid-password   = [ token ] ":" *TEXT

Here token is specified as follows:

   token          = 1*<any CHAR except CTLs or tspecials>

This is basically any US-ASCII character within the range of 32 to 126 but without some special characters ((, ), <, >, @, ,, ;, :, \, ", /, [, ], ?, =, {, }, space, and horizontal tab).

And TEXT is specified as follows:

   TEXT           = <any OCTET except CTLs,
                    but including LWS>

This is basically any octet (0–255) sequence except control characters (codepoints 0–31, 127) but including linear whitespace sequences, which is one or more space or horizontal tab characters that may be preceded by a CRLF sequence:

   LWS            = [CRLF] 1*( SP | HT )

Although this doesn’t break a header field value, LWS has the same semantics as a single space:

All linear whitespace, including folding, has the same semantics as SP.

And to keep such sequences as is, the string is encoded before it’s placed as field value.

这篇关于为什么Base64在基本身份验证中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆