Python Scripts to logon to websites

Steve Holden steve at holdenweb.com
Thu Jan 12 08:54:00 CET 2006


Peter Hansen wrote:
> BartlebyScrivener wrote:
> 
>>>but googling for "basic authentication" and
>>>maybe "realm" and/or "host" will find you other sites with less
>>>technically detailed material.
>>
>>This looks promising, but it'll take me a week to understand it :)
>>
>>http://www.voidspace.org.uk/python/articles/authentication.shtm
> 
> 
> (Minor typo... needs an extra "l" on the end:
> 
> http://www.voidspace.org.uk/python/articles/authentication.shtml
> )
> 
> By the way, note that neither basic auth nor digest auth provide any 
> real security, and in fact with basic auth the userid and password are 
> sent *in cleartext*.  For any serious production site these techniques 
> should probably not be used without additional security measures in 
> place, such as HTTPS encryption.
> 
Underlining your point, the difference between the two is that digest 
offers *strong* authentication (i.e. is not subject to replay attacks) 
while basic doesn't (anyone can capture the traffic and use the same 
tokens to authorize against the site).

Sometimes strong authentication without confidentiality is a legitimate 
requirement.

regards
  Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC                     www.holdenweb.com
PyCon TX 2006                  www.python.org/pycon/




More information about the Python-list mailing list