classification
Title: urllib2 http auth
Type: enhancement Stage: test needed
Components: Library (Lib) Versions: Python 3.1, Python 2.7
process
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: ajaksu2, gregory.p.smith, orsenthil, wayland
Priority: normal Keywords:

Created on 2004-09-10 02:52 by wayland, last changed 2009-04-26 03:53 by gregory.p.smith. This issue is now closed.

Messages (5)
msg61176 - (view) Author: Tim Nelson (wayland) Date: 2004-09-10 02:52
Hi.  I'd like it if urllib2 could use the
https://user:password@host:port/ for HTTP Basic
Authentication.  

Just for the record, my reason for wanting this is that
RedHat's up2date depends on urllib2, and I want to use
an authenticated up2date repository.  This may not be
the world's greatest way of achieving this end, but it
seemed to me to be the simplest and most resuable.  
msg76853 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2008-12-03 23:56
this should be trivial to implement (other than urllib and urllib2 being
a giant mess).  adding to my queue.
msg78223 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2008-12-23 03:31
This issue makes a request to implement, plain-text inurl password
authentication like "https://user:password@host:port/ for HTTP Basic
Authentication. " for urllib2.

As per rfc3986, this is strongly discouraged and is deprecated.

See the section: 3.2.1.  User Information


Use of the format "user:password" in the userinfo field is
   deprecated.  Applications should not render as clear text any data
   after the first colon (":") character found within a userinfo
   subcomponent unless the data after the colon is the empty string
   (indicating no password).  Applications may choose to ignore or
   reject such data when it is received as part of a reference and
   should reject the storage of such data in unencrypted form.  The
   passing of authentication information in clear text has proven to be
   a security risk in almost every case where it has been used.


Also, this was reported on 2004-09-10! We do not have any other similar
requests inline.  AFAIK, current urllib2 will authenticate and fetch the
documents with HTTP Basic authentication when password is passed along
in the url like the case specifies. I do not what was the case in 2004.

My conclusion for this request is to Close it as either "Invalid" or
"Wont Fix".
msg86595 - (view) Author: Daniel Diniz (ajaksu2) (Python triager) Date: 2009-04-26 02:41
Needs confirmation.
msg86599 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2009-04-26 03:53
agreed, its not needed.  closing.  if someone wants it they're welcome
to supply a patch with tests.
History
Date User Action Args
2009-04-26 03:53:54gregory.p.smithsetstatus: open -> closed
resolution: wont fix
messages: + msg86599
2009-04-26 02:41:26ajaksu2setversions: + Python 3.1, Python 2.7
nosy: + ajaksu2

messages: + msg86595

stage: test needed
2008-12-23 03:31:42orsenthilsetnosy: + orsenthil
messages: + msg78223
2008-12-03 23:56:28gregory.p.smithsetassignee: gregory.p.smith
messages: + msg76853
nosy: + gregory.p.smith
2004-09-10 02:52:57waylandcreate