Message 236558 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	demian.brecht
Recipients	demian.brecht, leotan, martin.panter
Date	2015-02-25.01:25:07
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1424827508.53.0.191628428832.issue23516@psf.upfronthosting.co.za>
In-reply-to

Content
> Sounds like this might be in a third-party module +1. urllib3.url_parse doesn't make use of the standard library. > userinfo = *( unreserved / pct-encoded / sub-delims / ":" ) This leads me to believe that using something like this might work: from urllib.parse import quote userinfo = '{}:{}'.format(quote(user), quote(password)) That said, there's also another relevant block that should be of note in the RFC: Use of the format "user:password" in the userinfo field is deprecated. Applications should not render as clear text any data after the first colon (":") character found within a userinfo subcomponent unless the data after the colon is the empty string (indicating no password). Applications may choose to ignore or reject such data when it is received as part of a reference and should reject the storage of such data in unencrypted form. The passing of authentication information in clear text has proven to be a security risk in almost every case where it has been used. In any event, this issue should be closed as it's not related to the standard library.

> Sounds like this might be in a third-party module

+1. urllib3.url_parse doesn't make use of the standard library.

> userinfo = *( unreserved / pct-encoded / sub-delims / ":" )

This leads me to believe that using something like this might work:

from urllib.parse import quote
userinfo = '{}:{}'.format(quote(user), quote(password))

That said, there's also another relevant block that should be of note in the RFC:

   Use of the format "user:password" in the userinfo field is
   deprecated.  Applications should not render as clear text any data
   after the first colon (":") character found within a userinfo
   subcomponent unless the data after the colon is the empty string
   (indicating no password).  Applications may choose to ignore or
   reject such data when it is received as part of a reference and
   should reject the storage of such data in unencrypted form.  The
   passing of authentication information in clear text has proven to be
   a security risk in almost every case where it has been used.

In any event, this issue should be closed as it's not related to the standard library.

History
Date	User	Action	Args
2015-02-25 01:25:08	demian.brecht	set	recipients: + demian.brecht, martin.panter, leotan
2015-02-25 01:25:08	demian.brecht	set	messageid: <1424827508.53.0.191628428832.issue23516@psf.upfronthosting.co.za>
2015-02-25 01:25:08	demian.brecht	link	issue23516 messages
2015-02-25 01:25:07	demian.brecht	create