Http Digest Authentication, Handle different browser char-sets...

Posted by user160561 on Stack Overflow
Published on 2010-02-12T06:40:49Z Indexed on 2010/03/30 10:33 UTC

Hi all, I tried to use the HTTP Authentication Digest Scheme with my PHP (Apache module) based website. In general it works fine, but when it comes to verification of the username / hash against my user database, I run into a problem. Of course I do not want to store the user's password in my database, so I tend to store the A1 hash value (which is md5($username . ':' . $realm . ':' . $password)) in my db. This is just how the browser does it too to create the hashes to send back.

The Problem:

I am not able to detect if the browser does this in ISO-8859-1 fallback (like Firefox, IE) or UTF-8 (Opera) or whatever. I have chosen to do the calculation in UTF-8 and store this md5 hash, which leads to non-authentication in Firefox and IE browsers.

How do you solve this problem?

Just do not use this auth scheme? Or store an md5 hash for each charset?

Force users to Opera?

(Terms of A1 refer to the http://php.net/manual/en/features.http-auth.php example.) (For digest access authentication, read the corresponding Wikipedia entry.)

© Stack Overflow or respective owner
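
The "one hash per charset" option raised in the question, sketched as an added example that is not part of the original post: the A1 hash is derived once per encoding at enrollment, and the client's digest response is checked against each stored value. The function names `ha1`, `digest_response` and `verify` are hypothetical, all credentials and header values are constructed, and the code assumes the mbstring extension, a UTF-8 source file and `qop=auth`.

```php
<?php
// Added example. All credentials and header values below are constructed.
// Assumes the mbstring extension and that this file is saved as UTF-8.

// HA1 = md5(username:realm:password) over the bytes of $charset.
// Returns null when the text cannot be represented in that charset.
function ha1(string $user, string $realm, string $pass, string $charset): ?string {
    $a1 = "$user:$realm:$pass";
    $bytes = mb_convert_encoding($a1, $charset, 'UTF-8');
    // mbstring substitutes '?' for unmappable characters; detect by round trip.
    if (mb_convert_encoding($bytes, 'UTF-8', $charset) !== $a1) {
        return null;
    }
    return md5($bytes);
}

// Expected "response" for qop=auth, built from a stored HA1.
function digest_response(string $ha1, string $method, array $d): string {
    $ha2 = md5($method . ':' . $d['uri']);
    return md5(implode(':', [$ha1, $d['nonce'], $d['nc'], $d['cnonce'], $d['qop'], $ha2]));
}

// Check the client's response against every stored HA1 for the user.
// Returns the charset whose hash matched, or null if none did.
function verify(array $storedHa1, string $method, array $d): ?string {
    $matched = null;
    foreach ($storedHa1 as $charset => $ha1) {
        // hash_equals compares in constant time
        if ($ha1 !== null && hash_equals(digest_response($ha1, $method, $d), $d['response'])) {
            $matched = $charset;
        }
    }
    return $matched;
}

// Enrollment: derive one HA1 per charset while the cleartext is available.
$stored = [];
foreach (['ISO-8859-1', 'UTF-8'] as $cs) {
    $stored[$cs] = ha1('alice', 'Restricted area', 'pässwörd', $cs);
}

// Simulated request from a browser that hashes A1 as ISO-8859-1.
$d = ['uri' => '/private/', 'nonce' => '5f2a9c', 'nc' => '00000001',
      'cnonce' => '0a4f113b', 'qop' => 'auth'];
$d['response'] = digest_response($stored['ISO-8859-1'], 'GET', $d);

var_dump($stored['ISO-8859-1'] === $stored['UTF-8']); // compare the two stored HA1 values
var_dump(verify($stored, 'GET', $d));                 // charset of the stored hash that matched
```

A password containing characters outside ISO-8859-1 yields `null` for that charset here, so only the UTF-8 hash is stored for it.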
