Passing passwords in AXL requests

Version 1
    This document was generated from CDN thread

    Created by: MIKE WILCOX on 01-10-2009 04:33:13 AM
    I'm using perl to create AXL requests and send them to CUCM. The script takes the username, password and IP of the publisher as arguments and is used as:
     
    my $userAgent = LWP::UserAgent->new();
    my $request = HTTP::Request->new(POST => "https://$ARGV[0]:$ARGV[1]\@$ARGV[2]:8443/axl/");
    The problem is when the user has a special character in their password, as we require, especially the @ sign.
     
    Any ideas how to work around this?
     
    Thanks,
     
    Mike

    Subject: RE: Passing passwords in AXL requests
    Replied by: Stephan Steiner on 01-10-2009 03:35:00 PM
    url encoding perhaps? You have the same issue with query strings and I'm using url encoding for those.

    Subject: RE: Passing passwords in AXL requests
    Replied by: MIKE WILCOX on 01-10-2009 05:19:32 PM
    Any pointers to where to look for samples of that?
     
    Thanks,
     
    Mike

    Subject: RE: Passing passwords in AXL requests
    Replied by: David Staudt on 01-10-2009 08:44:32 PM
    Normally if you need to include a '@' symbol in a URL you would need to URL encode it:
     
    http://server:port/filenameincludes@symbol would be encoded as: http://server:port/filenameincludes%40symbol.
     
    More on URL encoding: http://en.wikipedia.org/wiki/Url_encoding. An online encoder/decoder: http://meyerweb.com/eric/tools/dencoder/ Most languages have libraries to automatically encode URLs available (surely including Perl.)
     
    BUT
     
    In this case the @ symbol is not part of the actual URL. The format https://[username:password]@server:port/file is not a real URL per RFC specs, though it is fairly commonly used to 'stuff' basic auth credentials into a URL. When this form is used, it is assumed that the implementation (here Perl SOAP lite) will parse out the username/pw, and use them to send basic auth.
     
    So, how (or whether) you can escape/encode real @ symbols into the password field depends on the Perl library that parses the submitted string. 
     
    Probably the better approach would be to add a custom header to the request instead of trying to embed the credentials in the URL:
     
    - Concatenate username and password as:  username:password
    - Base64 encode the string
    - Add header to the SOAP request: Authorization: Basic [base64encoded string]
     
    Wikipedia: http://en.wikipedia.org/wiki/Basic_access_authentication
     
    I know little about Perl...good luck!
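
The three header steps from the last reply, written out in Perl as an added example (not code posted by anyone in the thread). The sample credentials, the 192.0.2.10 address and the placeholder SOAP body are constructed for illustration; the argument order follows the original script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
use MIME::Base64 qw(encode_base64);

# Steps 1 and 2: join as username:password, then Base64 encode.
sub basic_auth_value {
    my ($user, $pass) = @_;
    # The '' second argument suppresses the trailing newline that
    # encode_base64 appends by default; a newline inside a header
    # value would corrupt the request.
    return 'Basic ' . encode_base64("$user:$pass", '');
}

# Step 3: the URL carries only host and port; the credentials travel in
# the Authorization header, so '@', ':' or '/' in the password never
# reach the URL parser.
sub build_axl_request {
    my ($user, $pass, $host, $soap_body) = @_;
    my $request = HTTP::Request->new(POST => "https://$host:8443/axl/");
    $request->header(Authorization  => basic_auth_value($user, $pass));
    $request->header('Content-Type' => 'text/xml; charset=utf-8');
    $request->content($soap_body);
    return $request;
}

# Same argument order as the original script: username, password, publisher IP.
# With no arguments, constructed sample values are used and nothing is sent.
my ($user, $pass, $host) =
    @ARGV == 3 ? @ARGV : ('axluser', 'p@ss:w/rd#1', '192.0.2.10');
my $soap_body = '<!-- placeholder: your AXL SOAP envelope goes here -->';

my $request = build_axl_request($user, $pass, $host, $soap_body);

if (@ARGV == 3) {
    my $response = LWP::UserAgent->new->request($request);
    print $response->status_line, "\n";
    print $response->decoded_content, "\n" if $response->is_success;
} else {
    # Dry run with the sample values only: show what would be sent.
    print 'URL:    ', $request->uri, "\n";
    print 'Header: ', $request->header('Authorization'), "\n";
}
```

HTTP::Request also inherits `authorization_basic($user, $pass)` from HTTP::Headers, which performs the same encoding in one call. A colon is safe in the password but not in the username, since the first colon separates the two fields.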