Passwords in APIs

John J Lee jjl at pobox.com
Mon Dec 9 18:03:36 EST 2002


I maintain a free Python package for dealing with HTML forms on the
client side (http://wwwsearch.sourceforge.net/ClientForm).  HTML forms
are made up of controls -- e.g. list boxes, text entry areas,
checkboxes, etc.  ATM, I just deal with <INPUT TYPE=PASSWORD> controls
in the same way as everything else:

control["uname"] = "joe"  # TEXT
control["pswd"] = "joe"  # PASSWORD


This leaves a reference to (not a copy of) the password somewhere
where the user doesn't have access to it.  In theory, this sounds like
a bad idea.  One could add something to the API that avoids this by
allowing passing passwords in at form submission time, e.g.:

form.click("submit", passwords=[("pswd", "joe")])


But I wonder if, in reality, there is any real point, since I don't
have many specific ideas about how the presence of these references
might be exploited.  The only thing I can come up with is that it's
possible someone could add an HTMLForm instance to an object, then end
up pickling the object to disk, perhaps not realising that the
password is still in there.  I suppose this may be sufficient reason
in itself.

Any general points about dealing with passwords in APIs, or ones
specific to this application, are welcome.

For those who are wondering why I worry about this when HTML form
submission takes place in the clear -- sometimes the data *are*
encrypted, when using https, for example.


John
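
Added example, not part of the original post and not ClientForm's code: the pickling concern raised above, shown with two hypothetical form classes, one that stores the password like any other control and one that accepts it only at submission time. The class names, `state_on_disk`, `leaks` and the sample password are assumptions made up for the illustration.

```python
import pickle

SECRET = "constructed-pw-123"  # constructed sample value


class StoringForm:
    """Hypothetical form that keeps every control value, passwords included."""

    def __init__(self):
        self.values = {}

    def __setitem__(self, name, value):
        self.values[name] = value

    def click(self):
        return sorted(self.values.items())


class DeferredForm(StoringForm):
    """Hypothetical variant: password controls are filled only at click()."""

    def __init__(self, password_names):
        super().__init__()
        self.password_names = set(password_names)

    def __setitem__(self, name, value):
        if name in self.password_names:
            raise ValueError("pass %r to click(passwords=...) instead" % name)
        super().__setitem__(name, value)

    def click(self, passwords=()):
        supplied = dict(passwords)
        missing = self.password_names - set(supplied)
        if missing:
            raise ValueError("missing passwords: %s" % sorted(missing))
        # Merge into a local dict; self.values is never touched.
        return sorted({**self.values, **supplied}.items())


def state_on_disk(form):
    # Default pickling of an instance serialises its __dict__, so dumping
    # vars(form) shows the bytes that would be written alongside any owner.
    return pickle.dumps(vars(form))


def leaks(form, secret=SECRET):
    # True if the password bytes appear in the serialised form state.
    return secret.encode() in state_on_disk(form)
```
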


