Web authentication

Alan Kennedy alanmk at hotmail.com
Fri Dec 5 05:28:31 EST 2003


[John J. Lee]
> Doesn't/shouldn't http://user:passwd@example.com/blah.html work?
> 
> I don't know where that syntax is specified (if anywhere)

RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax

Section: 3.2.2. Server-based Naming Authority

Quoting from that section 

"""
   URL schemes that involve the direct use of an IP-based protocol to a
   specified server on the Internet use a common syntax for the server
   component of the URI's scheme-specific data:

      <userinfo>@<host>:<port>

   where <userinfo> may consist of a user name and, optionally, scheme-
   specific information about how to gain authorization to access the
   server.  The parts "<userinfo>@" and ":<port>" may be omitted.

      server        = [ [ userinfo "@" ] hostport ]

   The user information, if present, is followed by a commercial at-sign
   "@".

      userinfo      = *( unreserved | escaped |
                         ";" | ":" | "&" | "=" | "+" | "$" | "," )

   Some URL schemes use the format "user:password" in the userinfo
   field. This practice is NOT RECOMMENDED, because the passing of
   authentication information in clear text (such as URI) has proven to
   be a security risk in almost every case where it has been used.
"""

regards,

-- 
alan kennedy
------------------------------------------------------
check http headers here: http://xhaus.com/headers
email alan:              http://xhaus.com/contact/alan
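
An added example, not part of the post above: one way to act on the RFC's "NOT RECOMMENDED" note is to split the userinfo out of a URL before it is logged or stored, and send the credentials in an HTTP Basic `Authorization` header instead. The function names `split_userinfo` and `basic_auth_header` and the sample URLs are hypothetical, constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote


def split_userinfo(url):
    """Return (url_without_userinfo, username, password).

    username and password are None when absent. The userinfo is the
    part of the authority before the "@", as in the RFC 2396 grammar:
    server = [ [ userinfo "@" ] hostport ]
    """
    parts = urlsplit(url)
    # hostport is everything after the last "@" in the authority.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url, None, None
    user, colon, password = userinfo.partition(":")
    clean = urlunsplit(
        (parts.scheme, hostport, parts.path, parts.query, parts.fragment)
    )
    # userinfo may contain "escaped" (percent-encoded) characters.
    return clean, unquote(user), unquote(password) if colon else None


def basic_auth_header(user, password):
    """Build an HTTP Basic Authorization header for the credentials."""
    raw = "{}:{}".format(user, password or "").encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


if __name__ == "__main__":
    # Constructed sample URLs, including an IPv6 host with a port.
    samples = [
        "http://user:passwd@example.com/blah.html",
        "https://alice:s%40cret@[2001:db8::1]:8443/x?q=1",
        "http://example.com/",
    ]
    for url in samples:
        clean, user, password = split_userinfo(url)
        # Only the credential-free form is safe to write to a log.
        print("log:", clean, "| had credentials:", user is not None)
```

Basic authentication only encodes the credentials, so the header is still clear text on the wire unless the connection uses TLS.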



