[Tutor] getting a webpage via python

Kent Johnson kent37 at tds.net
Tue Mar 8 20:58:15 CET 2005

Paul Tremblay wrote:
> So I just make a file called /etc/router_passwords  and include
> something like 
> WRT54G username password
> Then parse the file, and supply the info to the password handler? This
> is easy to do, and I guess it is secure. 

No, it's not secure at all. In either case (password in the script, password in a file) you are 
saving a cleartext password in a text file on your computer. I don't think either one is really any 
more secure than the other. To make your separate file really secure you would have to encrypt it 
some how.

The thing is, Basic auth is inherently insecure - the password is sent Base64 encoded to the web 
server. Base64 is easily reversed, it is not a secure encoding. So unless you are using HTTPS for a 
secure link, you are pretty much out of luck anyway.

I am networking on a home
> system, so security is not so big a concern. However, I have seen a lot
> of people struggle with getting router addresses from the WRT54G,so I
> thought I might offer my script, and I wanted to do things a secure,
> normal way.

If it were me, for my own use, I would probably just put the password in the script. One advantage 
of putting it in a separate file is that you can share the script as is, you don't have to edit out 
your password each time you send it. On the other hand you have to document the separate file. So 
for a script you are going to share there might be a small convenience factor to using a separate 
file. But I don't think there is any difference in security.


More information about the Tutor mailing list