classification
Title: urllib2 authentication manager retries forever if password is wrong
Type: behavior Stage:
Components: Library (Lib) Versions: Python 2.6
process
Status: closed Resolution: duplicate
Dependencies: Superseder:
Assigned To: orsenthil Nosy List: Jurjen, orsenthil
Priority: normal Keywords:

Created on 2010-06-04 07:10 by Jurjen, last changed 2010-06-04 07:38 by orsenthil. This issue is now closed.

Files
File name Uploaded Description Edit
circumvent.py Jurjen, 2010-06-04 07:10 sample code
Messages (5)
msg107009 - (view) Author: jurjen Bos (Jurjen) Date: 2010-06-04 07:10
If you use an authentication manager from urllib2, it will submit user code and password if authentication fails.
However, if the password is wrong, the authentication manager will happily try again, again with the same password.
A simple way to circumvent this is attached: it modifies the password manager's behaviour to submit each password only once.
One problem I see is in cases where a program needs to log in multiple times in the same site: I propose an extra call to the password manager to reset the "visited" flag.

More details and sample code are in the file.
msg107010 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2010-06-04 07:19
There was a fix made in issue8797, which adopts a retry approach before failing for wrong password. This is present for Basic Auth and Digest Auth, so the problem wont be faced. Jurjen, do you have any comments before I mark this as Invalid. I see you have adopted a different approach for the patch, but the result would be same (no infinite retries)
msg107011 - (view) Author: jurjen Bos (Jurjen) Date: 2010-06-04 07:29
Yep you're right. In that thread they are talking about the exact same problem as I was having. Obviously, I didn't find that one when I was looking for the problem in the database before I posted this.
I do have my doubts about the 5 retries they propose though, I am not sure that the web site I use will not block the account if someone does 5 attempts.
- Jurjen
msg107013 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2010-06-04 07:36
Okay, so there is another negative vote 5 retries in the basic auth.
But yeah, this bug can be marked duplicate.
msg107014 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2010-06-04 07:38
Duplicate of issue8797
History
Date User Action Args
2010-06-04 07:38:17orsenthilsetstatus: open -> closed
resolution: duplicate
messages: + msg107014
2010-06-04 07:36:49orsenthilsetmessages: + msg107013
2010-06-04 07:29:55Jurjensetmessages: + msg107011
2010-06-04 07:19:54orsenthilsetassignee: orsenthil

messages: + msg107010
nosy: + orsenthil
2010-06-04 07:10:26Jurjencreate