[Twisted-Python] Something strange about cred

David Reid dreid at dreid.org
Thu Feb 8 19:13:03 EST 2007




On Feb 8, 2007, at 2:51 PM, Stephen Waterbury wrote:

> Jean-Paul Calderone wrote:
>> ... I think the main problem you're
>> running into is that HTTP digest authentication is being used  ...
>
> *So* (for anybody still listening ;) I finally figured out the
> implication of Jp's comment:  all I had to do was remove the
> digest.DigestCredentialFactory('md5', 'My Realm') factory
> instance from HTTPAuthResource's list of credentialFactories
> and bingo, we're in basic auth mode and my checker works
> with the web2 auth example -- yay!

Why doesn't your DB Checker just support both interfaces?
IUsernamePassword, and IUsernameHashedPassword, doing the right thing
depending on the interface provided by the credentials input.  Or, do
the same thing regardless, because they provide compatible
checkPassword interfaces.  You'd have to read the password from the DB
here, but I don't see why that should concern you.  And the ability to
use Digest auth would provide all around better security.

> That wasn't obvious to me from HTTPAuthResource's doc
> string nor from the example docs, but arguably I should have
> guessed it (sooner).

> Anyway, I'm happy now -- thanks, web2 team!

You're welcome, sorry I didn't get a chance to chime in on this
discussion earlier.

> Death to HTTP digest authentication!

I don't know, I definitely prefer digest authentication[1] to sending
my password in plaintext[2].

>
> Cheers,
> Steve

David Reid
http://dreid.org/

[1] I may be biased, I've spent a great deal of time on web2's digest
implementation.  In fact, all the work put into web2's HTTP auth
support was so I could do digest, and one day Kerberos.

[2] Yes I know base64 isn't plaintext, but it might as well be.
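
Added example, not part of the original message and not Twisted's own code: a stdlib-only Python model of the suggestion above, where one checker serves both Basic and Digest because both kinds of credentials expose a compatible checkPassword. The two credential classes, the `check` method, the dict standing in for the database, and the sample user, password and nonce are constructed stand-ins, not twisted.cred's API.

```python
import base64
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, nonce, method, uri):
    """RFC 2617 Digest response (MD5, no qop), as a client computes it."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

class BasicCredentials:
    """Stand-in for credentials carrying the password itself (Basic auth)."""
    def __init__(self, header_value):
        # Basic sends base64("user:password"); decoding needs no secret.
        decoded = base64.b64decode(header_value).decode()
        self.username, _, self.password = decoded.partition(":")

    def checkPassword(self, stored):
        return hmac.compare_digest(self.password.encode(), stored.encode())

class DigestCredentials:
    """Stand-in for hashed credentials: only a response hash crosses the wire."""
    def __init__(self, username, realm, nonce, method, uri, response):
        self.username, self.realm, self.nonce = username, realm, nonce
        self.method, self.uri, self.response = method, uri, response

    def checkPassword(self, stored):
        # Recompute the response from the stored password, so the checker
        # must be able to read the password back from the database.
        expected = digest_response(self.username, self.realm, stored,
                                   self.nonce, self.method, self.uri)
        return hmac.compare_digest(expected, self.response)

class DBChecker:
    """One checker for both kinds; a dict stands in for the database."""
    def __init__(self, passwords):
        self.passwords = passwords

    def check(self, credentials):
        stored = self.passwords.get(credentials.username)
        if stored is not None and credentials.checkPassword(stored):
            return credentials.username
        return None

# Constructed sample data: one user, one Basic header, one Digest response.
CHECKER = DBChecker({"alice": "s3cret"})
BASIC = BasicCredentials(base64.b64encode(b"alice:s3cret").decode())
DIGEST = DigestCredentials("alice", "My Realm", "constructed-nonce", "GET", "/",
    digest_response("alice", "My Realm", "s3cret", "constructed-nonce", "GET", "/"))
```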

