A query for both you and Ralph: Do these techniques somehow prevent the same
behaviour as was occurring with Chromium, where logins were being 'remembered'
across sessions?
I think you’ll see a similar effect - that the basic auth credentials
will be ‘remembered’, but I don’t think that is
On Saturday, 30 January 2021 09:46:59 GMT Stephen Wolff wrote:
> You can do it with nginx as well - and it’s as simple as with Apache:
>
> - https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
>
> But as you say, your system is pretty
Hi Terry,
I'm going to use nginx rather than Apache, simply because it is what I used
for the original Audio Guide and Quiz Webserver so I have prior experience
with it. Also it is lightweight which is also a bonus with the RPi and one of
the reasons that I chose it 3-4 years ago.
You can
On Saturday, 30 January 2021 08:30:22 GMT Ralph Corderoy wrote:
> If you don't need to enforce that short 15-minute authorisation time
> then I think Stephen is right that it's easier to configure Apache to
> guard the control page, with your Python knowing nothing about it.
>
Hi Terry,
> > - Does the whole site require authentication?
>
> No. Only the Control Page.
>
> > - Are the users who need to authenticate a handful so they can be
> > educated in responding to the browser's login prompt?
>
> Yes. A very slack handful. :-) Probably no more than half a dozen.
On Tuesday, 26 January 2021 18:16:58 GMT Patrick Wigmore wrote:
> Sorry for any confusion I may have injected.
Any confusion is definitely created by me.
--
Terry Coles
--
Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00
Check to whom you are replying
On Tuesday, 26 January 2021 17:48:32 GMT Ralph Corderoy wrote:
> Either way, cookies aren't part of the mechanism, even if they may be
> present for other reasons which explains why clearing cookies didn't
> have a matching effect.
But it did
> Rewinding some months...
When were these
On Tue, 26 Jan 2021 14:42:22 +, Terry Coles wrote:
> Oh. OK. I understand that is the code the Flask method and not the
> code for the Flask Development Server, but surely it's the server
> that sets the cookie?
The term 'server' can become a bit muddled here. If you look at it from a
Hi Terry,
> Stephen wrote:
> > I think Ralph meant in the link he sent, which had the code from the
> > Flask codebase for its version of HTTPBasicAuth. For basic auth it’s
> > usually much simpler to use an .htaccess file, or with nginx the
> > equivalent.
>
> Oh. OK. I understand that is the
On Tuesday, 26 January 2021 14:34:10 GMT Stephen Wolff wrote:
> I think Ralph meant in the link he sent, which had the code from the
> Flask codebase for its version of HTTPBasicAuth. For basic auth it’s
> usually much simpler to use an .htaccess file, or with nginx the
> equivalent.
Oh. OK. I
What code on the server is setting a cookie? As I said above, I didn't
spot HTTPBasicAuth updating a session, though perhaps I'm missing it.
I think Ralph meant in the link he sent, which had the code from the
Flask codebase for its version of HTTPBasicAuth. For basic auth it’s
usually much
On Tuesday, 26 January 2021 14:14:23 GMT Ralph Corderoy wrote:
> What code on the server is setting a cookie? As I said above, I didn't
> spot HTTPBasicAuth updating a session, though perhaps I'm missing it.
This is the Flask Development Server, so I don't know ;-(
> Until the use of cookies by
Hi Terry,
> > Are you certain it uses the first example which is ‘HTTPBasicAuth’?
>
> It certainly is.
>
> > From
> > https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py
> > I don't spot that authentication method updating a session, unlike
> > HTTPDigestAuth, for
On Tuesday, 26 January 2021 13:42:35 GMT Ralph Corderoy wrote:
> In Firefox, ‘Tools → Web Developer → Network’ when viewing your page of
> interest. Click ‘Reload’ so your page reloads and the new Network
> window shows the traffic.
>
> Select a HTTP request of interest and in the new pane
Hi Terry,
> Stephen wrote:
> > You can view what cookies are stored in the ‘inspector’, so worth
> > checking whether any are stored for an ‘http’ rather than ‘https’
> > connection.
>
> I'm assuming that this ‘inspector’ is accessed via the 'More tools -
> Developer tools' Menu item. I tried
On Tuesday, 26 January 2021 13:34:10 GMT Ralph Corderoy wrote:
> Are you certain it uses the first example which is ‘HTTPBasicAuth’?
It certainly is.
> From
> https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py
> I don't spot that authentication method updating a
Hi Terry,
> I have set up basic protection for my Minster Control Web page using
> the information in the man page for flask-httpauth see:
>
> http://manpages.ubuntu.com/manpages/groovy/man1/flask-httpauth.1.html
>
> My App uses the code in the first example given and works fine
Are you certain
On Monday, 25 January 2021 14:51:59 GMT Patrick Wigmore wrote:
> This means you can have a server-side time-out on the session, after
> which the user's session cookie is worthless and they have to get a
> new one by logging in anew.
I'll look into that once I've deployed the server on the Pi.
On Mon, 25 Jan 2021 13:41:57 +, Terry Coles wrote:
> Since we can't force anyone to clear their cookies, I guess this
> comes back to my original query; how unsafe is this? I can see
> Hamish's point, the session cookie is only going to be stored on
> the user's device, so if he keeps it
On Monday, 25 January 2021 13:04:08 GMT Stephen Wolff wrote:
> It might be an issue with ‘https’, as Chrome is very fussy about
> this nowadays. Not sure whether Chromium is the same, but it is likely
> to be.
Hmmm. When I did the original Web Server at WMT (Audio Guide, Kiddies Quiz, etc), I
I imagine this will be to do with the cookie and session cookie settings
you have set for those browsers. My guess is you have Firefox set to
clear them when closed, but not with Chromium.
Store cookies *was* on in Chromium and off in Firefox. Turning it off in
Chromium didn't stop the
On Monday, 25 January 2021 12:39:24 GMT Hamish McIntyre-Bhatty wrote:
> I imagine this will be to do with the cookie and session cookie settings
> you have set for those browsers. My guess is you have Firefox set to
> clear them when closed, but not with Chromium.
Store cookies *was* on in
On 25/01/2021 12:34, Terry Coles wrote:
> Hi,
>
> I have set up basic protection for my Minster Control Web page using the
> information in the man page for flask-httpauth see:
>
> http://manpages.ubuntu.com/manpages/groovy/man1/flask-httpauth.1.html
>
> My App uses the code in the first example
Hi,
I have set up basic protection for my Minster Control Web page using the
information in the man page for flask-httpauth see:
http://manpages.ubuntu.com/manpages/groovy/man1/flask-httpauth.1.html
My App uses the code in the first example given and works fine, except that if I
log in to my
24 matches