[Zope-dev] Incorrect Padding?

Steve Alexander steve@cat-box.net
Mon, 24 Jul 2000 19:40:32 +0100


Martijn Pieters wrote:
> 
> RFC 1945 says one paragraph before that that the header should be matched
> case-insensitively. That was what the Moz bug was all about.

Thanks for the clarification.

> >         # Only do basic authentication
> >         if lower(auth[:6])!='basic ':
> >             return None
> >         name,password=tuple(split(decodestring(strip(auth[6:])), ':',
> > 1))
> >
> >
> > The "strip" is in there just in case a client responds with
> >
> > "basic  base64blah" instead of
> > "basic base64blah".
> 
> The split already takes out the whitespace. No need to strip.

There's a base64.decodestring() between the strip and the split.

Leading and/or trailing spaces make base64 strings invalid.

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net