Python Scripts to logon to websites

Steve Holden steve at
Thu Jan 12 08:54:00 CET 2006

Peter Hansen wrote:
> BartlebyScrivener wrote:
>>>but googling for "basic authentication" and
>>>maybe "realm" and/or "host" will find you other sites with less
>>>technically detailed material.
>>This looks promising, but it'll take me a week to understand it :)
> (Minor typo... needs an extra "l" on the end:
> )
> By the way, note that neither basic auth nor digest auth provide any 
> real security, and in fact with basic auth the userid and password are 
> sent *in cleartext*.  For any serious production site these techniques 
> should probably not be used without additional security measures in 
> place, such as HTTPS encryption.
Underlining your point, the difference between the two is that digest 
offers *strong* authentication (i.e. is not subject to replay attacks) 
while basic doesn't (anyone can capture the traffic and use the same 
tokens to authorize against the site).

Sometimes strong authentication without confidentiality is a legitimate 

Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC           
PyCon TX 2006        

More information about the Python-list mailing list