Validate user on FreeBSD
Steven Taschuk
staschuk at telusplanet.net
Fri Mar 21 14:55:35 EST 2003
Quoth Dan Nyanko:
> Steven Taschuk <staschuk at telusplanet.net> wrote in message news:<mailman.1048222276.31387.python-list at python.org>...
[...]
> > Why not just use ftp or sftp?
>
> This is a learning project and a hobby. [...]

Ah. Then see below.

> [...] Using existing programs is
> not why a person visits comp.lang.*

(Some people visit comp.lang.* just looking for help doing
something with language X, not having thought about whether they
should actually be writing something for that purpose in the first
place.)

> I put port 510 for no other reason than I was reading about FCP when I
> wrote the program. I guess I was thinking along the lines of
> cryptography and a secure protocol for sending files across tcp/ip...
> Of course, my code does not accomplish any of that but I would like
> for it to do so in the future.

The socket module has support for SSL connections; this can get
you encryption over the link, which is a good start. If you have
any real need for encryption, I recommend re-using SSL rather than
rolling your own; it is notoriously difficult to make
cryptographically secure systems.

For authentication, there's a few things you could do. Probably
easiest: once the connection is encrypted, prompt for a user name
and password, look up the user name in some local database which
lists for each user the right password [1] and other data of
interest such as the user's home directory and whatnot. On Unixy
systems, you can access the /etc/passwd database with the pwd
module.

(If the link is not encrypted, this method is bad. It's also
vulnerable to man-in-the-middle attacks in any case.)

Once you've authenticated the user, you can downgrade your
privileges to that user's with os.setuid() or os.seteuid(); see
man 2 set[e]uid for details.

[1] Actually one rarely stores the password itself; /etc/passwd
stores a hash instead, so if the password file is compromised it's
not a complete disaster. See the crypt module.

--
Steven Taschuk staschuk at telusplanet.net
Receive them ignorant; dispatch them confused. (Weschler's Teaching Motto)
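
An added example, not part of the original message: the server-side steps described above (check a password against a stored hash, then drop to that user's account), written for current Python. It assumes PBKDF2 from hashlib as a stand-in for the crypt module, which has been removed from recent Python releases; the `USERS` table, the `alice` account and the `osmod` parameter are constructed for illustration.

```python
import hashlib
import hmac
import os
import pwd

ITERATIONS = 200_000  # assumed work factor, chosen for this example

def hash_password(password, salt):
    """Salted, deliberately slow hash; only this value is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample database: user name -> (salt, stored hash).
# A real server would generate each salt with os.urandom(16).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
_UNKNOWN = (b"\x00" * 16, b"\x00" * 32)  # keeps unknown users equally slow

def authenticate(username, password):
    """Return True only for a known user with the right password."""
    salt, stored = USERS.get(username, _UNKNOWN)
    candidate = hash_password(password, salt)
    # compare_digest does not leak how many leading bytes matched
    matches = hmac.compare_digest(candidate, stored)
    return matches and username in USERS

def drop_privileges(entry, osmod=os):
    """Permanently become the user in `entry` (a pwd record); needs root.

    `osmod` is a hypothetical injection point so the call order can be
    checked without root; normal callers leave it as the os module.
    """
    # Order matters: groups and gid must change while we are still root,
    # because after setuid() we no longer have permission to change them.
    osmod.initgroups(entry.pw_name, entry.pw_gid)
    osmod.setgid(entry.pw_gid)
    osmod.setuid(entry.pw_uid)
    if osmod.getuid() != entry.pw_uid or osmod.geteuid() != entry.pw_uid:
        raise RuntimeError("privilege drop did not take effect")
    return entry.pw_dir

def login(username, password):
    """Authenticate, then drop to the user's account; returns home dir."""
    if not authenticate(username, password):
        return None
    return drop_privileges(pwd.getpwnam(username))
```

`login()` only succeeds in a process started as root and for a name that exists both in `USERS` and in the system's passwd database.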