473,396 Members | 2,154 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > python code to do the *server* side of digest authentication?

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Python code to do the *server* side of digest authentication?

Hi all,
I've got a very simple HTML proxy server to access the web from my
cell phone (based on this code: http://www.okisoft.co.jp/esc/python/proxy/).
It's a very retarded phone that freezes if there's no Content-Length
header and some other circumstances, so I have to tweak and modify the
headers received slightly. But it works quite well with these hacks.

Now I'd like to add proxy authentication so that I'm not running this
open proxy all the time. I would like to use Digest authentication
(http://en.wikipedia.org/wiki/Digest_...authentication) rather
than Basic authentication so as not to expose any plaintext password.

It appears that there are plenty of Python libraries to do the
*client* side of the authentication (e.g. urllib2) but I have not
found much code that does the *server* side of the authentication.
That is, I am looking for code to generate the WWW-Authentication
header (including appropriate nonce and opaque string) and to verify
the Authorization header sent by the client when it retries.

It does not look *too* hard to implement, but it does involve crypto
and I'd just as soon use some tried-and-true code rather than roll my
own in this case. Does anyone have any suggestions of where to find
such code?

Thanks!

Dan

Feb 15 '07 #1
2 3317
Dan Lenski wrote:
Hi all,
I've got a very simple HTML proxy server to access the web from my
cell phone (based on this code: http://www.okisoft.co.jp/esc/python/proxy/).
It's a very retarded phone that freezes if there's no Content-Length
header and some other circumstances, so I have to tweak and modify the
headers received slightly. But it works quite well with these hacks.

Now I'd like to add proxy authentication so that I'm not running this
open proxy all the time. I would like to use Digest authentication
(http://en.wikipedia.org/wiki/Digest_...authentication) rather
than Basic authentication so as not to expose any plaintext password.

It appears that there are plenty of Python libraries to do the
*client* side of the authentication (e.g. urllib2) but I have not
found much code that does the *server* side of the authentication.
That is, I am looking for code to generate the WWW-Authentication
header (including appropriate nonce and opaque string) and to verify
the Authorization header sent by the client when it retries.

It does not look *too* hard to implement, but it does involve crypto
and I'd just as soon use some tried-and-true code rather than roll my
own in this case. Does anyone have any suggestions of where to find
such code?

Thanks!

Dan
I think that is because normally the web server does the authentication on the
server side. Why not use Apache to do the digest authentication?

http://httpd.apache.org/docs/2.0/mod...th_digest.html

-Larry
Feb 15 '07 #2
On Feb 15, 3:19 pm, Larry Bates <lba...@websafe.comwrote:
I think that is because normally the web server does the authentication on the
server side. Why not use Apache to do the digest authentication?

http://httpd.apache.org/docs/2.0/mod...th_digest.html

-Larry
Hi Larry,

I'm sorry that I wasn't clear in my original post! I don't need to do
the server authentication on the proxy (WWW-Authentication and
Authorization). What I need to do is the *proxy* authentication
(Proxy-Authentication and Proxy-Authorization).

Those headers are identical to the first pair, but they are handled by
the proxy; if the client isn't authorized, then they can't use the
proxy.

Dan

Feb 15 '07 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Dr. Dobb's Python-URL! - weekly Python news and links (Aug 12)
by: Irmen de Jong | last post by:
QOTW: "What can I do with Python that I can't do with C#? You can go home on time at the end of the day." -- Daniel Klein "Python lends itself to playing with it and to discussing the merits of...
Python
0
Dr. Dobb's Python-URL! - weekly Python news and links (Dec 8)
by: Emile van Sebille | last post by:
QOTW: "Have you ever used the copy module? I am *not* a beginner, and have used it *once* (and I can't remember what for, either)." -- Michael Hudson "It will likely take a little practice...
Python
3
using HTTP Digest auth with arbitrary HTTP methods?
by: John Reese | last post by:
Hello there. I've run into some missing functionality with HTTP Digest authentication in the 2.3 library and I was wondering if I'm just missing something. Missing functionality the first:...
Python
2
Python HTTP digest authentication woes...
by: john | last post by:
I'm trying to access the XML version of my Tivo now playing list with python. It uses auth digest HTTP authentication. I could really use some help! I'm able to get this page using curl: curl...
Python
2
Python Digest authentication against MS MapPoint
by: trapeze.jsg | last post by:
Hi. Is there anybody who have tried to use python to access Microsofts MapPoint soap services? I am trying hard but I have run into a big thick wall called md5 digest authentication. The...
Python
29
How to protect Python source from modification
by: Frank Millman | last post by:
Hi all I am writing a multi-user accounting/business system. Data is stored in a database (PostgreSQL on Linux, SQL Server on Windows). I have written a Python program to run on the client,...
Python
16
how to modify text in html form from python
by: Philippe C. Martin | last post by:
Hi, I am trying to change the data in a form field from python. The following code does not crash but has no effect as if "form" is just a copy of the original html form. Must I recreate the...
Python
0
Any way to maintain a digest-authenticated session in .NET?
by: paul | last post by:
I must (as a client application) connect via HTTP, authenticate using DIGEST authentication, and then make subsequent HTTP requests. The Problem: If I use System.Net.WebClient or...
ASP.NET
13
Python Scripts to logon to websites
by: BartlebyScrivener | last post by:
New to Python and Programming. Trying to make scripts that will open sites and automatically log me on. The following example is from the urllib2 module. What are "realm" and "host" in this...
Python
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!