[issue10284] NNTP should accept bytestrings for username and password
Changes by Christian Heimes li...@cheimes.de: -- versions: +Python 3.3, Python 3.4 -Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Changes by Hynek Schlawack h...@ox.cx: -- nosy: +hynek ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Changes by STINNER Victor victor.stin...@haypocalc.com: -- components: +Unicode nosy: +haypo ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Julien ÉLIE jul...@trigofacile.com added the comment: RFC 4616 about SASL PLAIN: The mechanism consists of a single message, a string of [UTF-8] encoded [Unicode] characters, from the client to the server. The client presents the authorization identity (identity to act as), followed by a NUL (U+) character, followed by the authentication identity (identity whose password will be used), followed by a NUL (U+) character, followed by the clear-text password. As with other SASL mechanisms, the client does not provide an authorization identity when it wishes the server to derive an identity from the credentials and use that as the authorization identity. [...] The authorization identity (authzid), authentication identity (authcid), password (passwd), and NUL character deliminators SHALL be transferred as [UTF-8] encoded strings of [Unicode] characters. That's one of the reasons why AUTHINFO SASL is better than AUTHINFO USER. It also allows whitespaces (a few news servers do not parse well whitespaces in user names or passwords after AUTHINFO USER/PASS -- imagine test with a leading space). Solved with SASL. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Antoine Pitrou pit...@free.fr added the comment: Hello Julien, That's one of the reasons why AUTHINFO SASL is better than AUTHINFO USER. It also allows whitespaces (a few news servers do not parse well whitespaces in user names or passwords after AUTHINFO USER/PASS -- imagine test with a leading space). Solved with SASL. If you want to contribute SASL auth for NNTP, it might make sense to have a dedicated module to provide SASL mechanisms (and then let imaplib reuse that module). Of course, not all mechanisms need to be provided at the start. (FWIW, I had written a patch providing generic SASL support for Twisted years ago: http://twistedmatrix.com/trac/ticket/2015 ) -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Changes by Antoine Pitrou pit...@free.fr: -- resolution: invalid - stage: committed/rejected - needs patch status: closed - open title: Exception raised when decoding NNTP newsgroup descriptions - NNTP should accept bytestrings for username and password ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
R. David Murray rdmur...@bitdance.com added the comment: What I meant by saying that the spec was broken is that the user is going to be typing the password at a keyboard. The keyboard will generate scan codes. Those scan codes will get interpreted through a system-specific chain of processes until some bytes or some unicode characters are generated. What's to say that the password typed on the keyboard where the password is set up is going to be a binary match for the password entered on the keyboard used for authentication? Which doesn't change the fact that if the spec calls for binary, nttplib should support binary. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Julien ÉLIE jul...@trigofacile.com added the comment: OK, I understand. I believe it works fine in practice, because people often use ASCII-only characters... I assume it is going to be a problem when the passwords contain 8-bit characters. I doubt it will work fine if I use different news readers on different localized systems... Interesting question. I will ask how it should be handled. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue10284] NNTP should accept bytestrings for username and password
Julien ÉLIE jul...@trigofacile.com added the comment: I quote what Russ Allbery has just answered on news.software.nntp: It's completely unspecified what encoding to use for AUTHINFO USER/PASS, which is one of the problems fixed by SASL. Clients should always use SASL where possible because of things like this. None of the legacy authentication mechanisms (for protocols besides NNTP, as well) support character sets. If they have to fall back to AUTHINFO USER/PASS, they're unfortunately just going to have to guess. Most clients previously probably just sent whatever bytes across the wire that corresponded to the local character set encoding of the username and password. In practice, using anything other than ASCII in passwords with AUTHINFO USER/PASS is not going to be portable and won't work reliably. ** How do current news readers send them to news servers? ** And how news servers should decode them? News servers probably can't do anything better than just accepting them as a byte stream and doing a byte-by-byte comparison against local configuration. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue10284 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com