Python Scripts to logon to websites
Steve Holden
steve at holdenweb.com
Thu Jan 12 02:54:00 EST 2006
Peter Hansen wrote:
> BartlebyScrivener wrote:
>
>>>but googling for "basic authentication" and
>>>maybe "realm" and/or "host" will find you other sites with less
>>>technically detailed material.
>>
>>This looks promising, but it'll take me a week to understand it :)
>>
>>http://www.voidspace.org.uk/python/articles/authentication.shtm
>
>
> (Minor typo... needs an extra "l" on the end:
>
> http://www.voidspace.org.uk/python/articles/authentication.shtml
> )
>
> By the way, note that neither basic auth nor digest auth provide any
> real security, and in fact with basic auth the userid and password are
> sent *in cleartext*. For any serious production site these techniques
> should probably not be used without additional security measures in
> place, such as HTTPS encryption.
>
Underlining your point, the difference between the two is that digest
offers *strong* authentication (i.e. is not subject to replay attacks)
while basic doesn't (anyone can capture the traffic and use the same
tokens to authorize against the site).

Sometimes strong authentication without confidentiality is a legitimate
requirement.

regards
 Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/
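
The difference discussed in this message, as an added example that is not part of the original post: a captured Basic header decodes straight back to the password, while an RFC 2617 Digest response (MD5, qop=auth) is tied to the server's nonce and fails once the server challenges with a new one. The user, password, realm and nonce values are constructed, and the server is assumed to issue a fresh nonce per challenge.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not from the original thread).
USER, PASSWORD, REALM = "alice", "s3cret", "example"
METHOD, URI = "GET", "/private/"


def basic_header(user, password):
    """Authorization header value for HTTP Basic (RFC 2617, section 2)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def recover_from_basic(header):
    """What a captured Basic header yields on the wire: the credentials themselves."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for qop=auth with the MD5 algorithm."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def server_accepts(response, current_nonce, nc, cnonce):
    """Server-side check: recompute using the nonce issued for this challenge."""
    expected = digest_response(USER, PASSWORD, REALM, METHOD, URI,
                               current_nonce, nc, cnonce)
    return hmac.compare_digest(response, expected)


if __name__ == "__main__":
    print("Basic capture reveals:", recover_from_basic(basic_header(USER, PASSWORD)))
    captured = digest_response(USER, PASSWORD, REALM, METHOD, URI,
                               "nonce-1", "00000001", "c1")
    print("same nonce :", server_accepts(captured, "nonce-1", "00000001", "c1"))
    print("fresh nonce:", server_accepts(captured, "nonce-2", "00000001", "c1"))
```

Neither scheme encrypts the request or response body, which is why the quoted advice about HTTPS applies to both.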