[Tutor] getting a webpage via python
Kent Johnson
kent37 at tds.net
Tue Mar 8 20:58:15 CET 2005
Paul Tremblay wrote:
> So I just make a file called /etc/router_passwords and include
> something like
>
> WRT54G username password
>
> Then parse the file, and supply the info to the password handler? This
> is easy to do, and I guess it is secure.
No, it's not secure at all. In either case (password in the script, password in a file) you are
saving a cleartext password in a text file on your computer. I don't think either one is really any
more secure than the other. To make your separate file really secure you would have to encrypt it
some how.
The thing is, Basic auth is inherently insecure - the password is sent Base64 encoded to the web
server. Base64 is easily reversed, it is not a secure encoding. So unless you are using HTTPS for a
secure link, you are pretty much out of luck anyway.
I am networking on a home
> system, so security is not so big a concern. However, I have seen a lot
> of people struggle with getting router addresses from the WRT54G,so I
> thought I might offer my script, and I wanted to do things a secure,
> normal way.
If it were me, for my own use, I would probably just put the password in the script. One advantage
of putting it in a separate file is that you can share the script as is, you don't have to edit out
your password each time you send it. On the other hand you have to document the separate file. So
for a script you are going to share there might be a small convenience factor to using a separate
file. But I don't think there is any difference in security.
Kent
More information about the Tutor
mailing list