Author dfischer
Recipients TFKyle, ajaksu2, dfischer, jjlee, orsenthil
Date 2010-02-10.03:43:28
Message-id <1265773411.99.0.865394819549.issue3819@psf.upfronthosting.co.za>
Content
I believe this bug affects urllib2 when it talks to the corporate single-sign-on solution Siteminder. Siteminder usually is installed as a web server module. When a request is made to the server (origin server), Siteminder issues a 302 redirect to a central authentication server running SSL passing the original request URL of the origin server. The central server responds with a 401 basic authentication challenge. Urllib2 responds with the password from the HTTPPasswordMgr. The central server sets some cookies and responds with a 302 redirect to the origin server on the original URL. Urllib2 then sends the authentication and cookies to the origin server which is virtually always unprotected. Browsers do not send the authentication to the origin server -- only the cookies.
History
Date | User | Action | Args
2010-02-10 03:43:32 | dfischer | set | recipients: + dfischer, jjlee, orsenthil, ajaksu2, TFKyle
2010-02-10 03:43:31 | dfischer | set | messageid: <1265773411.99.0.865394819549.issue3819@psf.upfronthosting.co.za>
2010-02-10 03:43:29 | dfischer | link | issue3819 messages
2010-02-10 03:43:28 | dfischer | create |
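
The redirect flow described in the message above, as a local regression check (an added example, not code from the tracker message or from CPython). It assumes plain HTTP on loopback in place of the SSL authentication server; the cookie name, realm and credentials are constructed.

```python
import threading
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "alice", "constructed-password"  # constructed test credentials
def make_handler(role, state):
    # role is "origin" or "sso"; every Authorization value received is recorded
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # silence per-request logging
            pass
        def reply(self, code, headers=()):
            self.send_response(code)
            for name, value in headers:
                self.send_header(name, value)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def do_GET(self):
            auth = self.headers.get("Authorization")
            state[role].append(auth)
            if role == "origin":
                if "SESSION=ok" in self.headers.get("Cookie", ""):
                    self.reply(200)  # the session cookie alone is enough
                else:
                    self.reply(302, [("Location", state["sso_url"])])
            elif auth is None:
                self.reply(401, [("WWW-Authenticate", 'Basic realm="sso"')])
            else:  # authenticated: set the cookie and send the client back
                self.reply(302, [("Set-Cookie", "SESSION=ok"), ("Location", state["origin_url"])])
    return Handler

def run_flow():
    """Return (final status, Authorization values seen by origin, by sso)."""
    state = {"origin": [], "sso": []}
    servers = [HTTPServer(("127.0.0.1", 0), make_handler(r, state)) for r in ("origin", "sso")]
    for role, srv in zip(("origin", "sso"), servers):
        state[role + "_url"] = "http://127.0.0.1:%d/" % srv.server_port
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, state["sso_url"], USER, PASSWORD)  # scoped to the SSO server
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # ignore proxy environment variables
        urllib.request.HTTPBasicAuthHandler(mgr),
        urllib.request.HTTPCookieProcessor(CookieJar()))
    with opener.open(state["origin_url"], timeout=5) as resp:
        status = resp.status
    for srv in servers:
        srv.shutdown()
        srv.server_close()
    return status, state["origin"], state["sso"]
```

`run_flow()` returns the final status and the `Authorization` values each server received; a client that behaves as browsers do leaves the origin's list as `[None, None]`, while any `Basic ...` entry there means the password reached the origin server.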