SSL security authorization?

[anandpillai]

Ok. I will test this out today from home.



I see that we are talking about a kind of

interactive authentication here, since it looks

like the certificate and key files need to be

supplied as arguments.



If you are requesting a SSL authorized document

from a webserver using a webbrowser all this

happens kind of transparent right?



1. client figures out that the protocol is HTTPS.

   (Most of the time the actual HTTPS url is masked

    by a HTTP one, which forwards the request to

    the secure server.)



2. Client asks for the SSL certificate from the

    server.



3. Verifies the certificate.



4. Authorizes it with username/password or

   the key file.



5. Voila, you are in.



   I was wondering if it could be as transparent as this.



   Psuedocode follows.



    pwdmgr = HTTPSPasswordManager()

    pwdmgr.add_password('realm', 'http://lockedurl', 'user', 'pass')

     auth = HTTPSBasicAuthHandler(pwdmgr)



     urllib2.install_opener( auth, ... )



     urllib2.urlopen('http://lockedurl/lockeddoc')





I can figure that the current situation is far from it.

For example,  does your code take care of the scenario

discussed above?



I will test out the urllib code anyway and also read

some documentation on SSL on the web. :-)



Thanks John



-Anand


--
"The Python Guy"


Posted via http://dbforums.com