Password protected .mac websites are case sensitive

Feb 28, '03 09:22:00AM

Contributed by: jr_nym

I recently volunteered to update the website for my son's school. In order to beta test the site, I decided to use my .mac account to create a password protected web site. Addresses for .mac accounts use a URL similar to "http://homepage.mac.com/username". My username is formed as firstname_lastname, all in lower case. When I spoke to the school secretary to give her the URL and password, she asked if capitalization mattered. I told her that capitalization was important for the password, but that URLs are case insensitive. This is only partially true.

It appears that if you create a password protected site using .mac, capitalization of the username portion of the URL is important. When a user accesses a password protected .mac website they are presented with a web page that requests only the password. The username is parsed from the URL and is used for authentication. If the username portion of the URL is incorrectly capitalized, authentication will fail.

If someone accessing a password protected .mac website incorrectly capitalizes the username, the only way to get into the website is to purge the history list (this is the behavior in both IE and Safari) then provide the correctly capitalized URL.

[robg adds: I tested this with a password protected page on my mac.com site, and it's definitely true -- if my name is incorrectly capitalized, authentication fails...]

Comments (8)


Mac OS X Hints
http://hints.macworld.com/article.php?story=200302261038110