0

I am working on a sample code given in the python documentation, the code is:

from wsgiref.simple_server import make_server, demo_app

httpd = make_server('', 8000, demo_app)
print "Serving HTTP on port 8000..."

# Respond to requests until process is killed
httpd.serve_forever()

# Alternative: serve one request, then exit
httpd.handle_request()

I can access this through the localhost on port 8000, but now if I want to pass username/password with the "localhost:8000 username, password" how do I do this. I have figured out how I would get to know if the authentication was unsuccessful but not how to actually receive the username/password for checking..

Any hints, and tips.....

Cheers,

AliR
  • 2,065
  • 1
  • 27
  • 37
  • Its better to generate API keys for users and they use that as a key=xxx argument to the query string... you then verify that its a valid key and serve the content... – Joran Beasley Sep 27 '12 at 04:55
  • @Joran, thanks for the tip but I don't have options here. Any work arounds you might know about? – AliR Sep 27 '12 at 04:57
  • 1
    just have them add user=xxx&pass=xxx and validate them before you serve it...but this is not very safe as most users will be sending their credentials over unsecured connections – Joran Beasley Sep 27 '12 at 05:01
  • yup but how to do this, do you have any sample code... – AliR Sep 27 '12 at 05:02
  • I dont know how to with wsgiref ... but in django it would be something like http://ideone.com/0smDW in django for example... – Joran Beasley Sep 27 '12 at 05:08
  • According to the Python documentation for wsgiref: "Each web application is callable with two arguments, environment dictionary and a start_response function". So its different from django, I think... Anyways thanks for the link – AliR Sep 27 '12 at 05:10

1 Answers1

1

If you pass username/password in the query string like http://localhost:8000?username=x&password=y, you can retrieve them in your WSGI handler function from the environ dict: environ['QUERY_STRING']. You can use urlparse.parse_qs from the standard library to parse it. If this is code that's going into production, I second Joran, you should use at least HTTP Basic Authentication and some authentication middleware like barrel.

Simon
  • 12,018
  • 4
  • 34
  • 39
  • thanks a lot, and yes I would definitely look into barrel. But for the time being this would work for the demo. Thanks again – AliR Sep 27 '12 at 07:01