Description
The Spring Boot Data MongoDB documentation says:
Username and password credentials used in XML-based configuration must be URL-encoded when these contain reserved characters, such as
:,%,@, or,. The following example shows encoded credentials:m0ng0@dmin:mo_res:bw6},Qsdxx@admin@database→m0ng0%40dmin:mo_res%3Abw6%7D%2CQsdxx%40admin@databaseSee section 2.2 of RFC 3986 for further details.
However § 2.2 is referring to general delimiters as well as "sub-delimiters" that may or may not be restricted based upon individual URI-components. In RFC 3986 § 3.2.1. User Information you can see that username/password data isn't so limited, and can actually contain: sub-delims from § 2.2.
userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
Thus it would seem that of the reserved characters only gen-delims are excluded:
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
Therefore only the following delimiters must be URI-encoded in the username or password components: %, :, /, ?, #, [, ], @.
Nowhere in RFC 3986 can I find any indication that characters such as comma , are restricted in the username or password components. Let me know if I missed that.