Thursday, July 14, 2005

Digest Authentication

Progress

Worked on digest authentication, and now have it working with both firefox and IE (which never returns the opaque). I wanted to use Paste.login, but webDAV specifically indicated that digest and not basic authentication was to be used.

It was only belatedly that I saw the digest authentication implementation on Python Cookbook. Well I guess it helps to have my code tested alongside a known working copy. :|

Musings
If I separated my application into several layers of middleware, can I use the environ dictionary to pass variables or information between them? like adding a dictionary to value "pyfileserver.config" and putting custom configuration information in there. Apparently I can, but is it a good practice/the-way-to-do-it?

1 comment:

Ian Bicking said...

Digest authentication definitely isn't required -- for quite a while many WebDAV clients only supported Basic. Essentially authentication is orthogonal to WebDAV (except of course that there's no room for authentication in the body of the response, and stateful logins like cookies have no client support). Of course, digest is still much better than Basic (unless maybe you are doing it over SSL).

If digest authentication could fit in paste.login, that would be great too (you might fork it to see if it works, and if so it can be reintergrated).

Adding new keys to the environment is a good way to share information between middleware.