Hi Brian,

On Thu, Aug 1, 2013 at 5:01 PM, Brian Wolf <[email protected]> wrote:

> To ease development in other programming languages (Python in my case),
> it's crucial to understand how to obtain credentials from the system after
> a user has successfully logged on. I can see there is a Perl subroutine
> called get_credentials() which examines the basic authentication. But,
> reading Perl code (and translating it into Python) is not that simple.
>
> Can someone give me some guidance on how to obtain the user's password
> once logged in? If it is not already available (and I mean in its
> original, unhashed format), can it be added safely to a cookie? Perhaps if
> encrypted (with, say, blowfish or some modern encryption)?
>

LedgerSMB uses the Authorization header in the HTTP protocol to transfer
the user name and password. In order to be able to access the password and
user name in clear text, the Basic authentication scheme *has* to be used.

In pseudo code, this is what get_credentials() does:

* Find the HTTP_AUTHORIZATION environment variable's value
* Return HTTP error code 401 if the variable has no value/ doesn't exist
  (in that case, code exits here)
* Remove the leading "Basic " string as per the example given in
  http://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
* Base64-decode the remaining string
* Split the decoded string at the colon (':'), where the user name is the
  first value returned with the second being the password

HTH,

Erik.

> Thanks.
> Brian
>
> Brian Wolf
> Phone: 410.367.2958
> Email: [email protected]
> Try out Activus Secure Payments™, our recurring payments application.
> Demo at http://demo.activustech.com
>
>
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases haven't
> caught up. So what steps can you take to put your SQL databases under
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Ledger-smb-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
>
>

--
Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
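
The pseudo code in the reply above, written out in Python as an added example. This is not LedgerSMB's Perl code and not part of the original message; the Unauthorized exception and the SAMPLE_ENVIRON value are assumptions made for the example. It also covers cases the pseudo code leaves implicit: a non-Basic scheme, malformed Base64, and a password that itself contains colons.

```python
import base64


class Unauthorized(Exception):
    """Hypothetical exception: the caller answers with HTTP 401."""
    status = 401


def get_credentials(environ):
    """Return (username, password) from a CGI/WSGI-style environ mapping."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    if not header:
        raise Unauthorized("no Authorization header")

    # The scheme name is case-insensitive; any scheme other than Basic
    # does not carry a recoverable clear-text password.
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise Unauthorized("not Basic authentication")

    try:
        # validate=True rejects characters outside the Base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        raise Unauthorized("malformed credentials")

    # Split at the first colon only: the user name cannot contain one,
    # but the password can.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        raise Unauthorized("malformed credentials")
    return username, password


# Constructed sample request environment (not real credentials).
SAMPLE_ENVIRON = {
    "HTTP_AUTHORIZATION": "Basic "
    + base64.b64encode(b"alice:s3cret:with:colons").decode("ascii")
}

if __name__ == "__main__":
    user, _password = get_credentials(SAMPLE_ENVIRON)
    print("authenticated request for", user)  # never log the password itself
```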
