SSL security authorization?
anandpillai
member29923 at dbforums.com
Tue Oct 21 09:29:44 EDT 2003
Ok. I will test this out today from home.
I see that we are talking about a kind of
interactive authentication here, since it looks
like the certificate and key files need to be
supplied as arguments.
If you are requesting a SSL authorized document
from a webserver using a webbrowser all this
happens kind of transparent right?
1. client figures out that the protocol is HTTPS.
(Most of the time the actual HTTPS url is masked
by a HTTP one, which forwards the request to
the secure server.)
2. Client asks for the SSL certificate from the
server.
3. Verifies the certificate.
4. Authorizes it with username/password or
the key file.
5. Voila, you are in.
I was wondering if it could be as transparent as this.
Psuedocode follows.
pwdmgr = HTTPSPasswordManager()
pwdmgr.add_password('realm', 'http://lockedurl', 'user', 'pass')
auth = HTTPSBasicAuthHandler(pwdmgr)
urllib2.install_opener( auth, ... )
urllib2.urlopen('http://lockedurl/lockeddoc')
I can figure that the current situation is far from it.
For example, does your code take care of the scenario
discussed above?
I will test out the urllib code anyway and also read
some documentation on SSL on the web. :-)
Thanks John
-Anand
--
"The Python Guy"
Posted via http://dbforums.com
More information about the Python-list
mailing list