[Python-bugs-list] [ python-Bugs-557704 ] netrc module can't handle all passwords

noreply@sourceforge.net noreply@sourceforge.net
Fri, 08 Nov 2002 03:46:58 -0800

Bugs item #557704, was opened at 2002-05-18 19:18
You can respond by visiting: 

Category: Python Library
Group: Python 2.2.1
Status: Open
Resolution: None
Priority: 5
Submitted By: Bram Moolenaar (vimboss)
Assigned to: Fred L. Drake, Jr. (fdrake)
Summary: netrc module can't handle all passwords

Initial Comment:
When a ~/.netrc file has a password with non-word
characters, parsing fails.  Since it is recommended to
use punctuation characters in passwords, this means
most netrc files can't be parsed. An example of a line
in ~/.netrc that fails:

machine piet.puk.com  	login foo 	password bar!

Additionally, entries in netrc may not have a login
name (e.g., for mail servers).  These entries should be
silently skipped. An example of a line that fails:

machine mail          password fruit

The included diff is a partial solution.  It allows all
ASCII punctuation characters to be used in passwords. 
Non-ASCII characters should probably also be allowed.


>Comment By: Bram Moolenaar (vimboss)
Date: 2002-11-08 12:46

Logged In: YES 

Note that the old Netrc class in the ftplib module has a
different approach to parsing the .netrc file.  This might
actually work much better.


Comment By: Guido van Rossum (gvanrossum)
Date: 2002-06-05 20:43

Logged In: YES 

I think Fred knows this code.

I think Eric Raymond (the original author) wrote this as an 
example of his shlex. :-)


Comment By: Skip Montanaro (montanaro)
Date: 2002-06-02 14:48

Logged In: YES 

I think a better solution would be to not use shlex to parse netrc files.  
Netrc files aren't shells.  The whitespace is significant if it occurs inside a 
password.  I'd just use re.split(r'(\s+)') and restore the password when I 
encountered the "password" keyword.
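
An added example, not part of the tracker thread or of Python's netrc module: a whitespace-only tokenizer run on the two failing lines from the initial comment, next to what shlex's default word characters do to `bar!`. The names `SAMPLE`, `shlex_tokens` and `parse_netrc` and the `default` line are assumptions made for the illustration; it does not preserve whitespace inside a password and does not handle `macdef`.

```python
import shlex

# Constructed sample: the two failing lines quoted in the report, plus a
# made-up "default" entry.
SAMPLE = (
    "machine piet.puk.com  \tlogin foo \tpassword bar!\n"
    "machine mail          password fruit\n"
    "default login anonymous password guest@example.invalid\n"
)

KEYS = ("login", "account", "password")


def shlex_tokens(text):
    """Tokens from shlex with its default word characters (no punctuation)."""
    return list(shlex.shlex(text))


def parse_netrc(text, skip_without_login=True):
    """Return {machine: (login, password)} using whitespace-only tokenizing.

    Every non-blank run is one token, so punctuation stays inside the
    password. Entries without a login are dropped when skip_without_login
    is true, which is the behaviour the report asks for.
    """
    entries, name, fields = {}, None, {}
    tokens = iter(text.split())

    def store():
        if name is not None and ("login" in fields or not skip_without_login):
            entries[name] = (fields.get("login"), fields.get("password"))

    for tok in tokens:
        if tok in ("machine", "default"):
            store()  # close the previous entry before starting a new one
            name = "default" if tok == "default" else next(tokens, None)
            fields = {}
            if name is None:
                raise ValueError("machine keyword without a host name")
        elif tok in KEYS and name is not None:
            value = next(tokens, None)  # the value is never read as a keyword
            if value is None:
                raise ValueError("%s keyword without a value" % tok)
            fields[tok] = value
        else:
            raise ValueError("unexpected token %r" % tok)
    store()
    return entries
```
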


Comment By: Raymond Hettinger (rhettinger)
Date: 2002-05-19 03:56

Logged In: YES 

Expanding keyspace is generally a good idea; however, the 
significance of meta-characters is bound to bite someone in 
the behind with a hard-to-find error.  So, please 
reconsider single-quote, double-quote, backslash, 
greater-than, less-than, and pipe.

Looking at the first part of the patch, consider:
- removing the TODO on line 31
- wrapping the character list in triple-quotes on line 32
- using the r'' form on line 32 to eliminate backslashes in 
the character list

Looking at the second part of the patch, I don't follow (am 
perhaps being daft) why expanding the keyspace necessitates 
changing the login logic.

The idea of allowing non-ASCII characters would be cool if 
the world had already universally accepted Latin-1 coding.  
That conflict is the reason that site.py defaults to ASCII 
encoding instead of handling non-US codings out of the box.

