[Web-SIG] HTTP digest support
anthony at interlink.com.au
Sun Oct 19 03:03:50 EDT 2003
I'm currently working on fixing HTTP DIGEST auth support in the stdlib.
The current support in urllib2 is utterly broken. There's a patch on SF
which fixes it for the simple case (www.python.org/sf/823328). I'm also
working on the server side of it - see the python CVS,
nondist/sandbox/digestauth. Right now I have a simple server framework
that handles straight MD5 digest auth - I have a chunk of MD5-sess done,
and should get the rest finished in the next week or so.
Stuff still to be added:
server side checking of client nonce
storing away nonces and nonce-counts to prevent replay attacks
client side checking of Authentication-info headers
integrating the DIGEST and BASIC auth into a single chunk of code
other stuff I've forgotten right now
I'd _like_ for the basic HTTP handling stuff in the stdlib to have full
digest auth support "out of the box" for Python 2.4.
More information about the Web-SIG