[Twisted-Python] Something strange about cred

Stephen Waterbury stephen.c.waterbury at nasa.gov
Fri Feb 9 15:40:37 EST 2007


David Reid wrote:
> 
> On Feb 8, 2007, at 7:01 PM, Stephen Waterbury wrote:
> 
>> David Reid wrote:
>>> On Feb 8, 2007, at 2:51 PM, Stephen Waterbury wrote:
>>>> Jean-Paul Calderone wrote:
>>>>> ... I think the main problem you're
>>>>> running into is that HTTP digest authentication is being used  ...
>>>>
>>>> *So* (for anybody still listening ;) I finally figured out the
>>>> implication of Jp's comment:  all I had to do was remove the
>>>> digest.DigestCredentialFactory('md5', 'My Realm') factory
>>>> instance from HTTPAuthResource's list of credentialFactories
>>>> and bingo, we're in basic auth mode and my checker works
>>>> with the web2 auth example -- yay!
>>> Why doesn't your DB Checker just support both interfaces? 
>>> IUsernamePassword, and IUsernameHashedPassword,
>>> doing the right thing depending on the interface provided by the 
>>> credentials input.  Or, do the same thing regardless, because they 
>>> provide compatible checkPassword interfaces.  You'd have to read the 
>>> password from the DB here, but I don't see why that should concern 
>>> you.  And the ability to use Digest auth would provide all around 
>>> better security.
>>
>> Thanks, David, but for my application it isn't useful.  IMNSHO, digest
>> auth only gives an illusion of good security -- it's encrypted, right? 
>> But I regard it as a waste of time, and the time that I have to work
>> on the actual logic of my application is in short supply as it is.
> 
> Well, relative merits of Digest authentication aside, it's trivial to 
> make your DbChecker support the IUsernameHashedPassword of which there 
> are providers other than web2's DigestedCredentials.  So I feel like 
> you're really missing out on some of the flexibility that is cred, but 
> you seem to genuinely have no desire (and/or time) for anything more 
> than basic auth so I won't harp on this point anymore.

Two things I should emphasize:

(1)  I do appreciate "the flexibility that is cred" -- even though I do
not intend to use digest auth, I will most likely use other auth methods
(e.g., LDAP) -- but only over an encrypted transport.  Cred's
flexibility and other well-designed architectural features are
the main reasons I use Twisted.

(2)  As I mentioned in my last message, I am campaigning against the
use of digest auth here at NASA/GSFC, because when things here need
protection, they need the best protection available, and that is *not*
digest auth.  The consequences for security compromises can be pretty
dire -- e.g.:

   (a) NASA system compromises can be front-page news
       (along with other NASA-related misadventures, as we've seen over
       the past couple days ;)
   (b) government employees are personally liable for the release
       of ITAR data -- if it goes to the wrong people, the NASA
       employee responsible can get federal *prison* time.

So you can see why the illusion of security that digest auth
gives to naive people is not good enough for my apps or for any
serious commercial or government applications.  It might be useful
for free on-line gaming communities, though.  ;)

Cheers,
Steve
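
Added example, not part of the thread and not Twisted code: a standard-library illustration of David Reid's remark that a digest-capable checker would "have to read the password from the DB". It assumes a hypothetical checker that stores only salted PBKDF2 hashes; the class and function names and all sample values are constructed.

```python
import hashlib
import hmac
import os

REALM = "My Realm"  # realm given to DigestCredentialFactory in the thread


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, password, realm=REALM):
    # Per-user secret the server must hold to verify digest responses.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(user_ha1, nonce, method, uri):
    # RFC 2617 response without qop: MD5(HA1:nonce:HA2), HA2 = MD5(method:uri).
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{user_ha1}:{nonce}:{ha2}")


def check_digest_with_ha1(stored_ha1, response, nonce, method, uri):
    # Possible only when the DB keeps the password or HA1 for this realm.
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected.encode(), response.encode())


class SaltedHashChecker:
    """Hypothetical DB checker that stores only salt + PBKDF2 hash."""

    def __init__(self, users):
        self._rows = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._rows[name] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def check_basic(self, username, password):
        # Basic auth delivers the password, so the stored hash can be recomputed.
        salt, stored = self._rows.get(username, (b"", b""))
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def check_digest(self, username, response, nonce, method, uri):
        # HA1 cannot be derived from a salted hash: nothing to compare against.
        return False
```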



