New to Python and Programming. Trying to make scripts that will open
sites and automatically log me on.
The following example is from the urllib2 module.
What are "realm" and "host" in this example.
import urllib2
# Create an OpenerDirector with support for Basic HTTP
Authentication. ..
auth_handler = urllib2.HTTPBas icAuthHandler()
auth_handler.ad d_password('rea lm', 'host', 'username', 'password')
opener = urllib2.build_o pener(auth_hand ler)
# ...and install it globally so it can be used with urlopen.
urllib2.install _opener(opener)
urllib2.urlopen ('http://www.example.com/login.html')
Does anyone have a simple example of a script that opens, say, gmail or
some other commonly accessed site that requires a username and password
so that I can see how one is made?
Thanks very much for any help.
rpd 13 2356
BartlebyScriven er wrote: New to Python and Programming. Trying to make scripts that will open sites and automatically log me on.
The following example is from the urllib2 module.
What are "realm" and "host" in this example.
http://www.ietf.org/rfc/rfc2617.txt probably provides more background
than you want on that topic, but googling for "basic authentication" and
maybe "realm" and/or "host" will find you other sites with less
technically detailed material. The first hit has a little summary
amidst some Apache-specific detail.
Does anyone have a simple example of a script that opens, say, gmail or some other commonly accessed site that requires a username and password so that I can see how one is made?
"realm" and "host" are associated with "basic authentication" and not
all sites use that. If the browser pops up a little dialog box of its
own (i.e not some Javascript-triggered thing) and you have to enter your
username and password there, that's probably a "basic auth" (or "digest
auth") site. If you fill that info into a form (as on gmail.com) you
don't want any of that "realm/host" stuff.
I'll leave it to others more expert in this to provide a more directly
useful answer.
-Peter
"BartlebyScrive ner" <rp*******@gmai l.com> writes: New to Python and Programming. Trying to make scripts that will open sites and automatically log me on.
A common enough things to want to do.
The following example is from the urllib2 module.
What are "realm" and "host" in this example.
Host is a domain name that can be mapped to a ip address. Realm is
from HTTP authentication schemes. When the server asks for
authentication, it gives out a "realm" name as well, so that different
parts of the host can use different authentication systems.
Does anyone have a simple example of a script that opens, say, gmail or some other commonly accessed site that requires a username and password so that I can see how one is made?
Yes, but its not clear how much good it'll do you. As Peter indicated,
not everyone uses HTTP based authentication. In fact, pretty much
anyone who wants to control how the authentication boxes look (which
seems to be 99% of the people writing web apps, never mind that they
can't really do that) use something other than HTTP-based
authentication. How you go about dealing with such sites depends on
where they put the user name/login information,and how they encode the
fact that you've authenticated as user "xxxx".
So I could show you my script for accessing yahoo. However, it
probably won't work on another site without changes to accomodate the
other site.
<mike
--
Mike Meyer <mw*@mired.or g> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
BartlebyScriven er wrote: New to Python and Programming. Trying to make scripts that will open sites and automatically log me on.
[snip] Does anyone have a simple example of a script that opens, say, gmail or some other commonly accessed site that requires a username and password so that I can see how one is made?
I see your example uses HTTP authentication, but I still recommend
checking out mechanoid [1] if you want to access a site with a
form-based login system. The source contains an example that retreives
and sends email through Yahoo.
[1] http://cheeseshop.python.org/pypi/mechanoid/
--
dOb
> but googling for "basic authentication" and maybe "realm" and/or "host" will find you other sites with less technically detailed material.
This looks promising, but it'll take me a week to understand it :) http://www.voidspace.org.uk/python/a...ntication.shtm
Thanks for your help with the search terms.
rpd
l
Peter Hansen wrote: BartlebyScriven er wrote: New to Python and Programming. Trying to make scripts that will open sites and automatically log me on.
The following example is from the urllib2 module.
What are "realm" and "host" in this example.
http://www.ietf.org/rfc/rfc2617.txt probably provides more background than you want on that topic, but googling for "basic authentication" and maybe "realm" and/or "host" will find you other sites with less technically detailed material. The first hit has a little summary amidst some Apache-specific detail.
Does anyone have a simple example of a script that opens, say, gmail or some other commonly accessed site that requires a username and password so that I can see how one is made?
"realm" and "host" are associated with "basic authentication" and not all sites use that. If the browser pops up a little dialog box of its own (i.e not some Javascript-triggered thing) and you have to enter your username and password there, that's probably a "basic auth" (or "digest auth") site. If you fill that info into a form (as on gmail.com) you don't want any of that "realm/host" stuff.
I'll leave it to others more expert in this to provide a more directly useful answer.
-Peter
BartlebyScriven er wrote: but googling for "basic authentication" and maybe "realm" and/or "host" will find you other sites with less technically detailed material.
This looks promising, but it'll take me a week to understand it :)
http://www.voidspace.org.uk/python/a...ntication.shtm
(Minor typo... needs an extra "l" on the end: http://www.voidspace.org.uk/python/a...tication.shtml
)
By the way, note that neither basic auth nor digest auth provide any
real security, and in fact with basic auth the userid and password are
sent *in cleartext*. For any serious production site these techniques
should probably not be used without additional security measures in
place, such as HTTPS encryption.
-Peter
Thanks, Peter.
Peter Hansen wrote: BartlebyScriven er wrote:but googling for "basic authentication" and maybe "realm" and/or "host" will find you other sites with less technically detailed material.
This looks promising, but it'll take me a week to understand it :)
http://www.voidspace.org.uk/python/a...ntication.shtm
(Minor typo... needs an extra "l" on the end:
http://www.voidspace.org.uk/python/a...tication.shtml )
By the way, note that neither basic auth nor digest auth provide any real security, and in fact with basic auth the userid and password are sent *in cleartext*. For any serious production site these techniques should probably not be used without additional security measures in place, such as HTTPS encryption.
-Peter
Peter Hansen <pe***@engcorp. com> writes: By the way, note that neither basic auth nor digest auth provide any real security, and in fact with basic auth the userid and password are sent *in cleartext*. For any serious production site these techniques should probably not be used without additional security measures in place, such as HTTPS encryption.
To be clear, the HTTP authentication schemes don't provide any
security for the *content* that gets passed back and forth, and they
don't claim to. If someone can intercept that content, they can read
it. For some applications, this is really important. For others, it
doesn't matter at all.
Basic auth doesn't (quite) pass the user name and password in
cleartext. It uses rot-13. For all the protection it provides, it
might as well be cleartext.
Digest passes around md5 sums of varous bits and pieces. While md5 has
been compromised, I don't believe that's happened in a way that
compromises the security of digest auth. The password and username
that pass over the wire are about as secure as they're going to get
without noticably heavier mechanisms than digest auth requires. On the
downside, the server has to have the clear text password available.
<mike
--
Mike Meyer <mw*@mired.or g> http://www.mired.org/home/mwm/ Independent
WWW/Perforce/FreeBSD/Unix consultant, email for more information.
Mike Meyer wrote: Peter Hansen <pe***@engcorp. com> writes:By the way, note that neither basic auth nor digest auth provide any real security, and in fact with basic auth the userid and password are sent *in cleartext*. For any serious production site these techniques should probably not be used without additional security measures in place, such as HTTPS encryption. To be clear, the HTTP authentication schemes don't provide any security for the *content* that gets passed back and forth, and they don't claim to. If someone can intercept that content, they can read it. For some applications, this is really important. For others, it doesn't matter at all.
If someone can see the content, they can also see the userid and
password. If they can see the password, they will (with how most people
operate) now have a userid and password that will work on many other
sites, including possibly someone's banking site, no matter how secure
even the content might be for that site.
Most people on the web are simply too ignorant of security issues for
those of us building systems that require passwords to ignore this
issue. To do so is to endanger the security and privacy of the very
people you are hoping to have as users and customers, which is lazy and
careless (and perhaps in some countries even criminal these days).
Basic auth doesn't (quite) pass the user name and password in cleartext. It uses rot-13. For all the protection it provides, it might as well be cleartext.
It's actually base64 encoding, but it amounts to the same thing, as you
say, as cleartext, since it's trivially reversible. The protection is
useless against all but honest people who might otherwise accidentally
see it while looking at packet monitoring dumps or such.
Digest passes around md5 sums of varous bits and pieces. While md5 has been compromised, I don't believe that's happened in a way that compromises the security of digest auth. The password and username that pass over the wire are about as secure as they're going to get without noticably heavier mechanisms than digest auth requires. On the downside, the server has to have the clear text password available.
My information about digest was either obsolete or simply wrong, as I
didn't realize it had all the nonce and anti-replay support it appears
to have. (I may have been remembering articles about how much of that
wasn't supported widely at some time in the past, meaning replays were
still quite possible in most cases. No longer sure.) Thanks for the
correction.
In my own opinion, however, requiring that passwords be stored in clear
text on the server is still quite a bad thing to do. I don't think even
system administrators should ever have access to user passwords. But
many people don't seem to agree (or at least, are more than happy to be
lazy rather than diligent in protecting their users' privacy).
-Peter
Peter Hansen <pe***@engcorp. com> writes: My information about digest was either obsolete or simply wrong, as I didn't realize it had all the nonce and anti-replay support it appears to have. (I may have been remembering articles about how much of that wasn't supported widely at some time in the past, meaning replays were still quite possible in most cases. No longer sure.) Thanks for the correction.
Digest is actually rarely used, since sites with enough security
requirements to make it worthwhile generally use SSL/TLS with either
basic auth, or with some login mechanism implemented by the
application. Actually, HTTP authentication (basic or digest) is not
used all that much in general these days, since nontrivial web apps
generally prefer to do their own authentication. It was more common
in the early days of the web when most pages were static.
In my own opinion, however, requiring that passwords be stored in clear text on the server is still quite a bad thing to do.
Digest auth, like basic auth, doesn't require storing the cleartext
password; only a hash of the password needs to be stored. See RFC
2617 for details. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Edward K. Ream |
last post by:
I would like to say a few (actually more than a few) words here about some
recent discoveries I have made concerning the interaction of Leo and Python.
If you don't want to hear an inventor enthuse about his work, please feel
free not to read further :-)
There are at least three, no four, no five, no six, no seven reasons why Leo
and Python work so well together. Most are new (in my mind) with the 4.1
release of Leo. The first several...
|
by: Logan |
last post by:
Several people asked me for the following HOWTO, so I decided to
post it here (though it is still very 'alpha' and might contain
many (?) mistakes; didn't test what I wrote, but wrote it - more
or less - during my own installation of Python 2.3 on Fedora Core 1
Linux for a friend of mine).
Anyway, HTH, L.
|
by: The Tao of Spike |
last post by:
I've recentlty been getting into programming. I was wondering what
language to learn first and after asking around I decided on Python.
I'm about half way through "Non-Programmers Tutorial For Python" By
Josh Cogliati (http://www.honors.montana.edu/~jjc/easytut/easytut/)
and I'm wondering where I should go after this. Any help is
appreciated, thanks.
|
by: Ksenia Marasanova |
last post by:
Hi,
I have few Python cgi scripts on the server (FreeBSD 4.9) for sending
email from plain HTML websites.
Few days ago I added database backup functionality to it, by saving
emails into the database (psycopg + PostgreSQL).
Since then nasty messages like this sometimes appear in daily security
log:
> pid 6926 (python), uid 80: exited on signal 11
|
by: Philippe Martin |
last post by:
Hi,
Are there any (even prototypes/proof of concept) gdm/kdm/xdm.../-style
packages written in Python ?
Regards,
Philippe
| |
by: Manfred Kooistra |
last post by:
If I have a document like this:
<html>
<head>
<script language=javascript>
window.location.href='file.php';
</script>
</head>
<body>
body content
|
by: Ultrus |
last post by:
Hello Python Gurus,
I picked up a book the other day on Python programming. Python rocks!
I'm learning Python as I want to call upon it to handle some intensive
tasks from PHP/web server.
The top goal right now is automating audio editing using Python. Is it
possible? I was able to do this directly through php, but it was
reaaaallllyyyyy slowwwwwwww. PHP is not designed for that sort of
thing.
|
by: Dave Parker |
last post by:
I've read that one of the design goals of Python was to create an easy-
to-use English-like language. That's also one of the design goals of
Flaming Thunder at http://www.flamingthunder.com/ , which has proven
easy enough for even elementary school students, even though it is
designed for scientists, mathematicians and engineers.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |