Is there a maximum length for a HTTP BASIC authentication username?

http-authentication
user240438 picture user240438 · Oct 26, 2010 · Viewed 14.1k times · Source

Is there a maximum length for a username or password which is sent to a web application through HTTP BASIC authentication? I looked through RFC2617 and couldn't find anything obvious, but was curious and wanted to make sure.

(This is all being done over SSL, so don't worry about security for my sake.)

Answer

bobince picture bobince · Oct 26, 2010

There's no spec-enforced limit on the auth token. However you may run into practical server-specific limits on HTTP headers in general, as outlined in this question.

Related questions

How to set the authorization header using curl

How do I pass authorization header using cURL? ( executable in /usr/bin/curl).

Read More
CURL to access a page that requires a login from a different page

I have 2 pages: xyz.com/a and xyz.com/b. I can only access xyz.com/b if and only if I login to xyz.com/a first. If accessing xyz.com/b without going through the other, I simply …

Read More
Basic HTTP authentication with Node and Express 4

It looks like implementing basic HTTP authentication with Express v3 was trivial: app.use(express.basicAuth('username', 'password')); Version 4 (I'm using 4.2) removed the basicAuth middleware, though, so I'm a little stuck. I have the following code, but it doesn't cause …

Read More