[issue10284] NNTP should accept bytestrings for username and password
report at bugs.python.org
Wed Nov 3 23:27:58 CET 2010
Julien ÉLIE <julien at trigofacile.com> added the comment:
I quote what Russ Allbery has just answered on news.software.nntp:
It's completely unspecified what encoding to use for AUTHINFO USER/PASS,
which is one of the problems fixed by SASL. Clients should always use
SASL where possible because of things like this. None of the legacy
authentication mechanisms (for protocols besides NNTP, as well) support
If they have to fall back to AUTHINFO USER/PASS, they're unfortunately
just going to have to guess. Most clients previously probably just sent
whatever bytes across the wire that corresponded to the local character
set encoding of the username and password.
In practice, using anything other than ASCII in passwords with AUTHINFO
USER/PASS is not going to be portable and won't work reliably.
> ** How do current news readers send them to news servers?
> ** And how news servers should decode them?
News servers probably can't do anything better than just accepting them as
a byte stream and doing a byte-by-byte comparison against local
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list