Andrew Cooke | Contents | Latest | RSS | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Choochoo Training Diary

Last 100 entries

[Programming] React Leaflet; AliExpress Independent Sellers; Applebaum - Twilight of Democracy; [Politics] Back + US Elections; [Programming,Exercise] Simple Timer Script; [News] 2019: The year revolt went global; [Politics] The world's most-surveilled cities; [Bike] Hope Freehub; [Restaurant] Mama Chau's (Chinese, Providencia); [Politics] Brexit Podcast; [Diary] Pneumonia; [Politics] Britain's Reichstag Fire moment; install cairo; [Programming] GCC Sanitizer Flags; [GPU, Programming] Per-Thread Program Counters; My Bike Accident - Looking Back One Year; [Python] Geographic heights are incredibly easy!; [Cooking] Cookie Recipe; Efficient, Simple, Directed Maximisation of Noisy Function; And for argparse; Bash Completion in Python; [Computing] Configuring Github Jekyll Locally; [Maths, Link] The Napkin Project; You can Masquerade in Firewalld; [Bike] Servicing Budget (Spring) Forks; [Crypto] CIA Internet Comms Failure; [Python] Cute Rate Limiting API; [Causality] Judea Pearl Lecture; [Security, Computing] Chinese Hardware Hack Of Supermicro Boards; SQLAlchemy Joined Table Inheritance and Delete Cascade; [Translation] The Club; [Computing] Super Potato Bruh; [Computing] Extending Jupyter; Further HRM Details; [Computing, Bike] Activities in ch2; [Books, Link] Modern Japanese Lit; What ended up there; [Link, Book] Logic Book; Update - Garmin Express / Connect; Garmin Forerunner 35 v 230; [Link, Politics, Internet] Government Trolls; [Link, Politics] Why identity politics benefits the right more than the left; SSH Forwarding; A Specification For Repeating Events; A Fight for the Soul of Science; [Science, Book, Link] Lost In Math; OpenSuse Leap 15 Network Fixes; Update; [Book] Galileo's Middle Finger; [Bike] Chinese Carbon Rims; [Bike] Servicing Shimano XT Front Hub HB-M8010; [Bike] Aliexpress Cycling Tops; [Computing] Change to ssh handling of multiple identities?; [Bike] Endura Hummvee Lite II; [Computing] Marble Based Logic; [Link, Politics] Sanity Check For Nuclear Launch; [Link, Science] Entropy and Life; [Link, Bike] Cheap Cycling Jerseys; [Link, Music] Music To Steal 2017; [Link, Future] Simulated Brain Drives Robot; [Link, Computing] Learned Index Structures; Solo Air Equalization; Update: Higher Pressures; Psychology; [Bike] Exercise And Fuel; Continental Race King 2.2; Removing Lowers; Mnesiacs; [Maths, Link] Dividing By Zero; [Book, Review] Ray Monk - Ludwig Wittgenstein: The Duty Of Genius; [Link, Bike, Computing] Evolving Lacing Patterns; [Jam] Strawberry and Orange Jam; [Chile, Privacy] Biometric Check During Mail Delivery; [Link, Chile, Spanish] Article on the Chilean Drought; [Bike] Extended Gear Ratios, Shimano XT M8000 (24/36 Chainring); [Link, Politics, USA] The Future Of American Democracy; Mass Hysteria; [Review, Books, Links] Kazuo Ishiguro - Never Let Me Go; [Link, Books] David Mitchell's Favourite Japanese Fiction; [Link, Bike] Rear Suspension Geometry; [Link, Cycling, Art] Strava Artwork; [Link, Computing] Useful gcc flags; [Link] Voynich Manuscript Decoded; [Bike] Notes on Servicing Suspension Forks; [Links, Computing] Snap, Flatpack, Appimage; [Link, Computing] Oracle is leaving Java (to die); [Link, Politics] Cubans + Ultrasonics; [Book, Link] Laurent Binet; VirtualBox; [Book, Link] No One's Ways; [Link] The Biggest Problem For Cyclists Is Bad Driving; [Computing] Doxygen, Sphinx, Breathe; [Admin] Brokw Recent Permalinks; [Bike, Chile] Buying Bearings in Santiago; [Computing, Opensuse] Upgrading to 42.3; [Link, Physics] First Support for a Physics Theory of Life; [Link, Bike] Peruvian Frame Maker; [Link] Awesome Game Theory Tit-For-Tat Thing; [Food, Review] La Fabbrica - Good Italian Food In Santiago; [Link, Programming] MySQL UTF8 Broken; [Link, Books] Latin American Authors

© 2006-2017 Andrew Cooke (site) / post authors (content).

Basic HTTP Authentication with XMLRPC in Python

From: "andrew cooke" <andrew@...>

Date: Wed, 31 Dec 2008 17:42:05 -0300 (CLST)

I couldn't find anywhere on the 'net that clearly documented this - there
are various old discussions, but they tend to be out of date.  So here's a
brief sketch of what works.

[Note that HTTP basic authentication - RFC 2617
http://www.faqs.org/rfcs/rfc2617.html - effectively sends username and
password as cleartext.  This is not secure.  As far as I can tell, digest
authentication is not supported, so a more secure (but more complex)
solution would involve SSL (a possible compromise would be basic auth over
SSL, which would only require a server certificate, but which has its own
limitations).]

On the client side, nothing is needed except that username and password
should be placed in the URL used.  The libraries used by xmlrpclib will
construct the correct HTTP header (see below).  So the client code is
simply:

  import xmlrpclib
  server = xmlrpclib.ServerProxy('http://user:pass@...')
  ...

But, obviously, a more typical use case would supply dynamic values.

This generates the Authorization HTTP header, with the format (RFC 2617):

  Authorization: Basic Zm9vOmJhcg==

where Zm9vOmJhcg== is the base64 encoding of, in this case, "foo:bar"
(username and password).  So validation is trivial once this header is
retrieved:

  from base64 import b64decode
  ...
  (basic, _, encoded) = \
    headers.get('Authorization').partition(' ')
  assert basic == 'Basic', 'Only basic authentication supported'
  (username, _, password) = b64decode(encoded).partition(':')
  assert username == 'foo'
  assert password == 'bar'

The only remaining part of the puzzle, then, is how to get the headers. 
Poking around in the source it seems that it is necessary to override
BaseHTTPServer.BaseHTTPRequestHandler.parse_request (which is subclassed
bySimpleXMLRPCServer.SimpleXMLRPCRequestHandler).

So a suitable server class would look like:


  from SimpleXMLRPCServer import SimpleXMLRPCServer, \
    SimpleXMLRPCRequestHandler

  class VerifyingServer(SimpleXMLRPCServer):

    def __init__(self, ..., *args, **kargs):
      # we use an inner class so that we can call out to the
      # authenticate method
      class VerifyingRequestHandler(SimpleXMLRPCRequestHandler):
        # this is the method we must override
        def parse_request(myself):
          # first, call the original implementation which returns
          # True if all OK so far
          if SimpleXMLRPCRequestHandler.parse_request(myself):
            # next we authenticate
            if self.authenticate(myself.headers):
              return True
            else:
              # if authentication fails, tell the client
              myself.send_error(401, 'Authentication failed')
          return False
      # and intialise the superclass with the above
      SimpleXMLRPCServer.__init__(self,
        requestHandler=VerifyingRequestHandler,
        *args, **kargs)

    def authenticate(self, headers):
      # see earlier

Note the distinction between "self" and "myself" above.

Andrew

Comment on this post