Is there a maximum length for a username or password which is sent to a web application through HTTP BASIC authentication? I looked through RFC2617 and couldn't find anything obvious, but was curious and wanted to make sure.
(This is all being done over SSL, so don't worry about security for my sake.)
There's no spec-enforced limit on the auth token. However you may run into practical server-specific limits on HTTP headers in general, as outlined in this question.
According to http://httpd.apache.org/docs/2.4/programs/htpasswd.html#restrictions there is a limit of 255 characters for the username (and the username may not contain : ).
On Windows there is additionally a limit of 255 characters for the password - if the password is longer it will be truncated.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 傲 的文章《Is there a maximum length for a HTTP BASIC authent》','https://www.manongdao.com/article-361038.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}