Re: Validate user on FreeBSD
by Steven Taschuk
Mar 21 2003 7:55PM
Quoth Dan Nyanko:
>  Steven Taschuk <staschuk@[...].net> wrote in message news:<mailman.1048222276.31387.python-list@[...].org> ...
  [...]
>  > Why not just use ftp or sftp?
>  
>  This is a learning project and a hobby.  [...]

Ah.  Then see below.

>  [...] Using existing programs is
>  not why a person visits comp.lang.*

(Some people visit comp.lang.* just looking for help doing
something with language X, not having thought about whether they
should actually be writing something for that purpose in the first
place.)

>  I put port 510 for no other reason than that I was reading about FCP when I
>  wrote the program.  I guess I was thinking along the lines of
>  cryptography and a secure protocol for sending files across tcp/ip... 
>  Of course, my code does not accomplish any of that but I would like
>  for it to do so in the future.

The socket module has support for SSL connections; this can get
you encryption over the link, which is a good start.  If you have
any real need for encryption, I recommend re-using SSL rather than
rolling your own; it is notoriously difficult to make
cryptographically secure systems.

For authentication, there's a few things you could do.  Probably
easiest: once the connection is encrypted, prompt for a user name
and password, look up the user name in some local database which
lists for each user the right password [1] and other data of
interest such as the user's home directory and whatnot.  On Unixy
systems, you can access the /etc/passwd database with the pwd
module.

(If the link is not encrypted, this method is bad.  It's also
vulnerable to man-in-the-middle attacks in any case.)

Once you've authenticated the user, you can downgrade your
privileges to that user's with os.setuid() or os.seteuid(); see
man 2 set[e]uid for details.

[1] Actually one rarely stores the password itself; /etc/passwd
stores a hash instead, so if the password file is compromised it's
not a complete disaster.  See the crypt module.

-- 
Steven Taschuk                                     staschuk@[...].net
Receive them ignorant; dispatch them confused.  (Weschler's Teaching Motto)

-- 
http://mail.python.org/mailman/listinfo/python-list
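
An added example, not part of the original post: one way to do the privilege drop the message describes, using `pwd` for the lookup and `os.setuid()` for the switch. The `os_mod`/`pwd_mod` parameters, the `DryRunOS` class, `dry_run()` and the `alice` account are hypothetical, constructed so the call order can be exercised without root.

```python
import os
import pwd
from types import SimpleNamespace


def drop_privileges(username, os_mod=os, pwd_mod=pwd):
    """Permanently become `username`; call as root, after authentication.
    os_mod / pwd_mod are hypothetical hooks for a dry run without root."""
    entry = pwd_mod.getpwnam(username)       # KeyError for an unknown user
    if entry.pw_uid == 0:
        raise PermissionError("refusing to 'drop' to uid 0")
    # Groups first: after setuid() the process may no longer change them.
    os_mod.initgroups(entry.pw_name, entry.pw_gid)
    os_mod.setgid(entry.pw_gid)
    # setuid() as root sets the real, effective and saved uid; seteuid()
    # would leave the saved uid at 0, so the process could become root again.
    os_mod.setuid(entry.pw_uid)
    try:
        os_mod.setuid(0)                     # must fail if the drop is permanent
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop is reversible")
    os_mod.chdir(entry.pw_dir)               # home directory from the passwd entry
    return entry


class DryRunOS:
    """Constructed stand-in for os: records calls, models setuid semantics."""
    def __init__(self):
        self.uid, self.calls = 0, []
    def setuid(self, uid):
        if self.uid != 0 and uid != self.uid:
            raise PermissionError(1, "Operation not permitted")
        self.uid = uid
        self.calls.append(("setuid", uid))
    def __getattr__(self, name):             # initgroups, setgid, chdir
        return lambda *args: self.calls.append((name, *args))


def dry_run(username="alice"):
    # Constructed passwd entry; no real account is consulted.
    entry = SimpleNamespace(pw_name=username, pw_uid=1001, pw_gid=1001,
                            pw_dir="/home/" + username)
    fake_pwd = SimpleNamespace(getpwnam=lambda name: entry)
    fake_os = DryRunOS()
    drop_privileges(username, fake_os, fake_pwd)
    return [call[0] for call in fake_os.calls]
```

In a real server the function is called with its defaults, in the process that handles the authenticated connection.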