
Re: Credentials



Hi Brian,


On Thu, Aug 1, 2013 at 5:01 PM, Brian Wolf <..hidden..> wrote:
To ease development in other programming languages (Python in my case), it's crucial to understand how to obtain credentials from the system after a user has successfully logged on.  I can see there is a Perl subroutine called get_credentials() which examines the basic authentication.  But, reading Perl code (and translating it into Python) is not that simple.

Can someone give me some guidance on how to obtain the user's password once logged in?  If it is not already available (and I mean in its original, unhashed format), can it be added safely to a cookie?  Perhaps if encrypted (with, say, blowfish or some modern encryption)?

LedgerSMB uses the Authorization header in the HTTP protocol to transfer the user name and password. In order to be able to access the password and user name in clear text, the Basic authentication scheme *has* to be used.

In pseudo code, this is what get_credentials() does:

 * Find the HTTP_AUTHORIZATION environment variable's value
 * Return HTTP error code 401 if the variable has no value/doesn't exist (in that case, code exits here)
 * Remove the leading "Basic " string as per the example given in http://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
 * Base64-decode the remaining string
 * Split the decoded string at the colon (':'), where the user name is the first value returned with the second being the password


HTH,


Erik.
 
Thanks.
Brian

Brian Wolf
Email: ..hidden..

--
Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
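
The steps listed in the reply above, written out in Python as an added example (not LedgerSMB's code and not code from this thread). The `AuthRequired` exception, the realm string and the sample header are assumptions constructed for illustration; splitting at the first colon only, so that passwords may contain ':', and matching the scheme name case-insensitively go slightly beyond the pseudo code.

```python
import base64


class AuthRequired(Exception):
    """Caller should answer with HTTP 401 and a Basic challenge."""
    status = "401 Unauthorized"
    # Realm value is an assumption, not taken from LedgerSMB.
    headers = [("WWW-Authenticate", 'Basic realm="LedgerSMB"')]


def get_credentials(environ):
    """Return (username, password) from a CGI/WSGI-style environ mapping."""
    # Step 1: find the HTTP_AUTHORIZATION value.
    value = environ.get("HTTP_AUTHORIZATION", "")
    # Step 2: no value or no variable -> 401.
    if not value:
        raise AuthRequired("no Authorization header")
    # Step 3: remove the leading "Basic " scheme name.
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise AuthRequired("Authorization header is not Basic")
    # Step 4: Base64-decode the remainder; reject anything malformed.
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        raise AuthRequired("malformed Basic credentials") from None
    # Step 5: split at the FIRST colon; the password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        raise AuthRequired("no ':' separator in credentials")
    return username, password


# Constructed sample request environment (not real credentials).
SAMPLE_ENVIRON = {
    "HTTP_AUTHORIZATION":
        "Basic " + base64.b64encode(b"alice:open:sesame").decode("ascii"),
}

if __name__ == "__main__":
    user, _password = get_credentials(SAMPLE_ENVIRON)
    print("authenticated request for user:", user)  # never log the password
```

Base64 is an encoding, not encryption, so the header carries the password in recoverable form on every request and the connection needs TLS.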