Re: basic auth request

<mailman.424.1629235122.4164.python-list@python.org>

From: ros...@gmail.com (Chris Angelico)
Newsgroups: comp.lang.python
Subject: Re: basic auth request
Date: Wed, 18 Aug 2021 07:18:28 +1000
 by: Chris Angelico - Tue, 17 Aug 2021 21:18 UTC

On Wed, Aug 18, 2021 at 7:15 AM Barry <barry@barrys-emacs.org> wrote:
>
>
>
> > On 17 Aug 2021, at 19:25, Chris Angelico <rosuav@gmail.com> wrote:
> >
> > On Wed, Aug 18, 2021 at 4:16 AM Barry Scott <barry@barrys-emacs.org> wrote:
> >> Oh and if you have the freedom avoid Basic Auth as it's not secure at all.
> >>
> >
> > That's usually irrelevant, since the alternative is most likely to be
> > form fill-out, which is exactly as secure. If you're serving over
> > HTTPS, the page is encrypted, and that includes the headers; if you're
> > not, then it's not encrypted, and that includes the form body.
>
> There is digest and NTLM that do not reveal the password.
>

And they require that the password be stored decryptably on the
server, which is a different vulnerability. It's all a matter of which
threat is more serious to you. Fundamentally, basic auth is no better
or worse than any of the other forms - it's just different.

ChrisA
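
The trade-off argued in this thread, as an added Python example (not code from either poster): it compares what Basic and Digest (RFC 2617, MD5, qop=auth) put on the wire with what the server must keep at rest. The user name, realm, password, nonce and URI are constructed sample values, and the PBKDF2 record is one assumed way a Basic-auth server could store credentials.

```python
import base64, hashlib, hmac, os

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

# Basic: the header is base64("user:password"), reversible by anyone who can
# read it, so it depends on TLS for confidentiality.
def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def basic_decode(header):
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password

# The server receives the password itself, so it can keep only a salted
# one-way hash of it.
def enroll_basic(password, salt=None):
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_basic(header, record):
    salt, stored = record
    _, password = basic_decode(header)
    return hmac.compare_digest(enroll_basic(password, salt)[1], stored)

# Digest: only a hash over the challenge goes on the wire.
def ha1(user, realm, password):
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_value, method, uri, nonce, nc, cnonce):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_value}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

# To check a response the server must hold the password or HA1; HA1 alone is
# enough to answer any challenge for that realm, so it needs the same
# protection at rest as the password.
def verify_digest(stored_ha1, method, uri, nonce, nc, cnonce, response):
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)

def demo():
    user, realm, password = "alice", "example-realm", "constructed-pass"
    challenge = ("GET", "/private", "constructed-nonce", "00000001", "constructed-cnonce")
    stored = ha1(user, realm, password)                      # server-side record
    on_wire = digest_response(ha1(user, realm, password), *challenge)  # client
    return {"basic_on_wire": basic_decode(basic_header(user, password)),
            "digest_on_wire": on_wire,
            "digest_ok": verify_digest(stored, *challenge, on_wire),
            "stored_value_is_password_equivalent":
                digest_response(stored, *challenge) == on_wire}
```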
