cgi authentication

tonyscaponi at my-deja.com tonyscaponi at my-deja.com
Thu Dec 16 14:16:27 EST 1999


Magnus L. Hetland <mlh at idt.ntnu.no> wrote:
>"Dan Grassi" <Dan at Grassi.com> wrote:
>>I need to do authentication from Python, for various reasons using Apache
>>and .htaccess is not a workable solution.  I can get the request to show up
>>with the following code but I can not figure out how to access the returned
>>name/password pair.  Yes, I have looked hard for the info on the web and in
>>the books. "-)
>
>Well-I have had the same problem, and AFAIK, Apache refuses to give you the
>password (ostensibly for security reasons...) There is a patched version
>available somewhere...

As near as I can tell, Apache (we use 1.3.9) *does* give the password, if
you request full headers. The password is stored in the "Authorization:"
header in base64. I use the following PHP to get the username/password
pair from that header:

<html>
<head>
<title>I Know a Secret!</title>
</head>
<body>
<h1>I Know a Secret!</h1>
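<?php
        // Read all request headers (available when PHP runs as an Apache module).
        $theHeaders = getallheaders();
        $theEncoded = $theHeaders["Authorization"];
        // Drop the leading "Basic " scheme prefix (6 characters).
        $theEncoded = substr($theEncoded, 6);
        $theDecoded = base64_decode($theEncoded);
        // Split on the first colon only; the password may itself contain ":".
        list($username, $password) = explode(":", $theDecoded, 2);
        // Escape the values before writing them into the HTML page.
        echo "<b>Your Username: " . htmlspecialchars($username) . "</b><br>\n";
        echo "<b>Your Password: " . htmlspecialchars($password) . "</b><br>\n";
?>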
</body>
</html>

I'd guess you can do the same thing in Python. I'd like to know how to
disable access to the Authorization header; that's how I found this
discussion :*)

Jerry
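
The same header parsing in a Python CGI script, as an added example that is not part of the original post or thread. It assumes the header value reaches the script as the HTTP_AUTHORIZATION environment variable, which Apache does not pass to CGI scripts by default; the expected credentials, the realm name and the sample header are constructed placeholders.

```python
import base64
import binascii
import hmac
import os


def parse_basic_auth(header_value):
    """Return (username, password) from a Basic Authorization header, or None."""
    if not header_value:
        return None
    scheme, _, encoded = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not encoded.strip():
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid base64
    try:
        text = decoded.decode("utf-8")
    except UnicodeDecodeError:
        text = decoded.decode("latin-1")
    # Split on the first colon only: the password may contain ":".
    username, sep, password = text.partition(":")
    return (username, password) if sep else None


def check_credentials(creds, expected_user, expected_password):
    """Compare both fields in constant time to avoid a timing side channel."""
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return user_ok and pass_ok


def cgi_response(environ, expected_user, expected_password):
    """Build the CGI output: a 401 challenge unless the credentials match."""
    creds = parse_basic_auth(environ.get("HTTP_AUTHORIZATION"))
    if check_credentials(creds, expected_user, expected_password):
        return "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nauthenticated\n"
    return ("Status: 401 Unauthorized\r\n"
            'WWW-Authenticate: Basic realm="example"\r\n'
            "Content-Type: text/plain\r\n\r\nauthentication required\n")


if __name__ == "__main__":
    # Constructed sample header: base64 of "alice:pa:ss" (hypothetical account).
    env = dict(os.environ)
    env.setdefault("HTTP_AUTHORIZATION", "Basic YWxpY2U6cGE6c3M=")
    print(cgi_response(env, "alice", "pa:ss"), end="")
```
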




