def auth_against_url(url, username, password):
    import urllib2, base64
    request = urllib2.Request(url)
    b64 = base64.encodestring('%s:%s' % (username, password))[:-1]
    request.add_header('Authorization', 'Basic %s' % b64)
    try:
        urllib2.urlopen(request)
    except urllib2.HTTPError:
        return False
    return True

Instant authentication against an existing web application

Grok Headline matches for Instant authentication against an existing web application

mod_perl programmer to extend existing
application

mod_perl programmer to extend existing
application 04/15/2005 03:23 PM
eQuisto Customized Commerce GmbH - Germany, Cologne (2005-04-15)

All the Instant Messaging Networks in
One Application

All the Instant Messaging Networks in
One Application 04/15/2004 06:28 PM

GMP Services Releases Instant .Net
Portal-Website Application

GMP Services Releases Instant .Net
Portal-Website Application 09/14/2004 02:03 AM
GMP Services, Inc., a private Georgia based software, publishing, and hosting company, today announced the release of GMP Instant Portal – Website 1.1. Based on the original iBuySpy portal framework and built on the Microsoft ™ .net framework the GMP Instant Portal – Website application is an easy to setup web portal that contains many unique features and enhancements. [PRWEB Sep 14, 2004]

Alphalogix lowers the total cost of
enterprise wide instant messaging
deployment with the Versona Instant
Messaging System (VIMS)

Alphalogix lowers the total cost of
enterprise wide instant messaging
deployment with the Versona Instant
Messaging System (VIMS) 05/31/2004 01:45 PM
Alphalogix, Inc., a leading provider of software solutions and services for the connected enterprise, addresses the high cost of enterprise wide instant messaging deployment and management. With this in mind, Alphalogix developed the Versona Instant Messaging System (VIMS) which drastically lowers the cost of deploying and maintaining an instant messaging infrastructure without sacrifice to capabilities or features. This is made possible with the IM client streaming technology used by Alphalogix in the Versona Instant Messaging System. [PRWEB May 18, 2004]

Flickr (Flicker) photo sharing IM
instant messenger instant message
friendster realtime media sharing real
time online community

Flickr (Flicker) photo sharing IM
instant messenger instant message
friendster realtime media sharing real
time online community 02/11/2004 10:49 AM
flickr

flickr.com
track this site | 6 links

FlashPoint launches fastest photo
sharing on the Internet. Innovative
Qurio Instant Photo Server allows
instant photo sharing with anyone, any
time, anywhere, directly from the
control of your own PC.

FlashPoint launches fastest photo
sharing on the Internet. Innovative
Qurio Instant Photo Server allows
instant photo sharing with anyone, any
time, anywhere, directly from the
control of your own PC. 09/09/2004 03:46 AM
FlashPoint prepares to unlock the pictures of more than 40 million digital camera owners who have their pictures trapped in their PC. Consumers are tired of trying to share their pictures with cumbersome email attachments and time consuming uploads to web sites. The innovative Qurio Instant Photo Server allows you to instantly share thousands of full resolution pictures over the Internet, directly from your own PC. And, since your pictures stay right on your own hard drive, you remain in complete control of your personal pictures. [PRWEB Sep 9, 2004]

Building the RSS Watch Sample
Application: Part 2: Improving the
Application

Building the RSS Watch Sample
Application: Part 2: Improving the
Application 09/24/2004 08:03 PM
Monitor RSS feeds automatically and learn about CFCs and XML at the same time.

Perl Web Application
Developer/Programmer for epay
application

Perl Web Application
Developer/Programmer for epay
application 07/14/2004 08:40 PM
Level One Technologies - United States, MO, St Louis (2004-07-14)

XP SP2 could break existing applications

XP SP2 could break existing applications 03/06/2004 01:59 AM

Airgo Brings MIMO To Existing Wi-Fi

Airgo Brings MIMO To Existing Wi-Fi 06/22/2005 01:47 AM
Airgo Networks said Tuesday that it had adapted its multiple-antenna technology to lower-cost Wi-Fi implementations, promising superior performance using today's technologies.

Should the U.S. dump existing telecom
laws?

Should the U.S. dump existing telecom
laws? 04/09/2004 04:13 PM
Patchwork legislation is being used to address deficiencies in the 1996 Telecom Act. Vint Cerf thinks there is a better solution.

Automated Backups With Existing Tools

Automated Backups With Existing Tools 02/10/2004 11:55 PM
By Peter Hickman (O'Reilly Network via MyAppleMenu)

10.3: Upgrade CDs require existing 10.2
installation

10.3: Upgrade CDs require existing 10.2
installation 10/31/2003 10:36 AM
I just received the Panther CDs from Apple for the Software Up-to-Date program. Disk 1 from the update set actually has the words "Upgrade Disk" printed on it. None of the other disks, 2 or 3, have the words "Upgrade Disc" o...

Windows XP SP2 could break existing apps

Windows XP SP2 could break existing apps 03/06/2004 02:03 AM

InstallShield: Customizing an Existing
MSI Package

InstallShield: Customizing an Existing
MSI Package 04/06/2005 04:43 AM

Application development with Microsoft
.NET application blocks

Application development with Microsoft
.NET application blocks 01/18/2003 02:42 AM
CNET Jan 18 2003 1:35AM ET

AMD's New Processors Will be Compatible
with Existing Boards

AMD's New Processors Will be Compatible
with Existing Boards 12/10/2003 11:36 AM

Creating Web Services - Use your
existing WSDL to generate a ...

Creating Web Services - Use your
existing WSDL to generate a ... 02/16/2004 08:04 PM
The same applies if you want to leverage any other Web service, such as the Amazon.com or Google.com Web services within WebLogic Workshop. ...

Leveraging Existing Technology To Manage
Risk

Leveraging Existing Technology To Manage
Risk 01/03/2005 07:57 PM
Information Week Jan 3 2005 11:12PM GMT

Existing Home Sales Rise in November

Existing Home Sales Rise in November 12/29/2004 06:14 PM
Reuters via Wired News Dec 29 2004 9:22PM GMT

Discovering Existing Source Paths of MSI
Applications

Discovering Existing Source Paths of MSI
Applications 07/01/2004 05:36 AM

Forum Stories: Replace existing file

Forum Stories: Replace existing file 07/01/2004 08:49 AM

Define Spyware Or Just Enforce Existing
Laws?

Define Spyware Or Just Enforce Existing
Laws? 09/13/2004 09:56 PM
The question over exactly how spyware should be defined isn't exactly new. However, Mark Rasch's latest column at SecurityFocus picks apart common spyware definitions to make you wonder if it's useful at all to define what spyware is. Instead, he suggests (as have others before< /a>) that the real issue isn't in defining and outlawing spyware, but simply enforcing existing laws that already make most of the worst offenders illegal by way of laws against fraud. Of course, that won't happen, because politicians want to make sure they're seen as doing something to make their constituents' lives better -- and a law against spyware (just like the mostly useless law against spam before it) is good for publicity, even if it does little to solve any real problems.

10.3: New Address Book allows updating
of existing records

10.3: New Address Book allows updating
of existing records 11/02/2003 07:37 PM
As seen at right, the Panther Address Book does updates, finally! For a test:Create a new address with some easily distinguishable fake names. Drag the address to the desktop (creates a vCard). Open the vCard with any text ed...

Intel Will Not Enable 64-Bits in
Existing Prescott Cores

Intel Will Not Enable 64-Bits in
Existing Prescott Cores 05/19/2004 01:12 PM
At the spring analyst meeting, Intel's President stated that the company will not enable 64-bit functionality in existing Prescott cores that have already shipped.

AMD's 2004 Processors Will be Compatible
with Existing Mainb

AMD's 2004 Processors Will be Compatible
with Existing Mainb 12/09/2003 07:27 PM

TV over broadband will come from
existing satellite and cable brands,
says Analysys

TV over broadband will come from
existing satellite and cable brands,
says Analysys 09/24/2004 03:29 AM
TV content aggregation is not a business for network operators, who will do better to form partnerships with satellite and cable operators to sell TV over broadband. Gross margins on TV can be as low as 20% but operators need TV services to compete with triple-play competitors. Fixed broadband (BB) operators providing TV reduce the net present value (NPV) of their business model over the first five years, according to Analysys calculations for this report. Gambling games are the most profitable entertainment option for network operators. [PRWEB Sep 24, 2004]

Thomson issuing $250 million US in notes
to repay existing debt

Thomson issuing $250 million US in notes
to repay existing debt 05/13/2004 02:04 PM
Canadian Press via Canada.com May 13 2004 5:27PM GMT

Forum Stories: Distribute existing
packages to a NEW Distribution Point

Forum Stories: Distribute existing
packages to a NEW Distribution Point 07/14/2004 06:31 PM

Microsoft's Service Pack 2 Says Existing
Hotspot Logins Insecure

Microsoft's Service Pack 2 Says Existing
Hotspot Logins Insecure 08/06/2004 08:26 PM
Microsoft's Windows XP Service Pack 2 will be available soon, but they've got a little tweaking to do on their technical documentation: This page explains to developers how Wireless Provisioning Service (WPS) works. Never mind the fact that Service Set Identifier (SSID) is described as the Secure Set Identifier. More importantly, they overstate the current risk level for gateway-page logins at hotspots, a problem that WPS bypasses (with all Microsoft server and client components): The current connection model for WISP signup and use is not secured. Most Wi-Fi hotspots are configured for open authentication and without data encryption. Users are generally required to launch a Web browser to initially sign up to the WISP service and for subsequent logins. WSP mitigates this threat by adding encryption and authentication to the communications between the client and the wireless network. No, Mr. Gates, no, no, no. All authentication gateway pages I've visited are SSL-based, meaning that encryption (but not authentication) is already in the transaction. I don't know where they got the most from. The SSL certificate has to be signed by an approved certificate authority, or a client's Web server would balk, and I haven't seen that kind of self-signed certificate problem that would allow man-in-the-middle attacks. (That is, if you were expecting to be warned about a self-signed certificate, then you might accept even a fake AP's certificate. But if you weren't expecting it, you probably wouldn't accept it.) Browser based deployment is vulnerable to man-in-the-middle attacks, for example, by a malicious front-end server using a rogue access point. Users queried by this access point might unknowingly be giving away personal identification and credit card information. By eliminating the need for a Web login WSP reduces the vulnerability of WISP users to this type of attack. This is definitely one of the coolest authentication elements of WPS. The transaction between XP SP2's WPS client and a WPS-equipped hotspot involves quite a lot of quasi-out-of-band confirmation. For instance, an SSL tunnel that's opened in one stage of the authentication is signed by a certificate authority already authorized in the WPS client. (So what's good for the goose should be good for the gander, above, in terms of Microsoft's characterization of hotspot authentication weakness currently.) Without additional hotspot client software users can not easily detect hotspots and do not have a unified mechanism to sign up to them. It is not easy...

The Budget Webmaster’s 6 Step Guide to
Improving Existing Rankings in Google

The Budget Webmaster’s 6 Step Guide to
Improving Existing Rankings in Google 03/19/2005 02:41 AM

A Methodology to Verify and Improve an
Existing Large-scale Information
Architecture

A Methodology to Verify and Improve an
Existing Large-scale Information
Architecture 05/28/2002 08:58 AM

CA tool kit enables shared security
controls to be integrated with existing
apps

CA tool kit enables shared security
controls to be integrated with existing
apps 06/24/2005 08:54 PM
Last time out I spoke about smaller, more tightly focused, industry events (conferences, trade shows, user group meetings, etc.). All of that reminded me to mention something that occurred at the Gartner IT Summit in Washington, D.C. earlier this month. At that conference, Computer Associates announced its eTrust Identity and Access Management (IAM) Toolkit. While it's aimed at commercial developers, in-house programmers might benefit more from this release.

Innvo Systems wins more fundings of over
S$5 million from Walden International
and two other existing investors.

Innvo Systems wins more fundings of over
S$5 million from Walden International
and two other existing investors. 07/30/2004 03:10 AM
Innvo targets to become the leading mobile software solutions provider in Asia for mass market feature phones [PRWEB Jul 30, 2004]

Spectrum trading could fundamentally
change the structure of existing
wireless markets, says Analysys

Spectrum trading could fundamentally
change the structure of existing
wireless markets, says Analysys 07/15/2004 03:10 AM
* Regulators should see spectrum trading accompanied by liberalisation of spectrum use as key part of a dynamic, competitive and innovative wireless service market* Spectrum trading will create significant uncertainties around the existing business models of mobile network operators* Operators and regulators need to understand how the industry’s structure and market dynamics will be changed by spectrum trading [PRWEB Jul 15, 2004]

Sullins Electronics Broadens Existing
Distribution Relationship With
Kestronics To Serve South Asia

Sullins Electronics Broadens Existing
Distribution Relationship With
Kestronics To Serve South Asia 06/17/2005 07:16 PM
Sullins Electronics, a world leader in the design and manufacture of connectors and interconnect systems, today named Kestronics Pte. Ltd. to distribute its full line of Micro Plastics connectors throughout South Asia. [PRWEB Jun 8, 2005]

Loading the Excel roll-up patch q324126
to an existing Office 2000 Admin Share

Loading the Excel roll-up patch q324126
to an existing Office 2000 Admin Share 09/16/2004 03:57 AM

Up Link: Telecom Ministry says Lanka
Internet could continue with its
existing license to offer voice service

Up Link: Telecom Ministry says Lanka
Internet could continue with its
existing license to offer voice service 04/06/2005 08:34 PM
Lanka Business Online Apr 7 2005 12:28AM GMT

instant personal payday loan guaranteed
- best instant personal payday loan
guaranteed great free advice!!

instant personal payday loan guaranteed
- best instant personal payday loan
guaranteed great free advice!! 12/27/2003 11:31 PM

zeelish.com
track this site | 3 links

Grok Description matches for Instant authentication against an existing web application
GrokA matches for Instant authentication against an existing web application

Take advantage of PHP and LDAP
authentication

Take advantage of PHP and LDAP
authentication 01/12/2003 02:28 AM
CNET Jan 12 2003 1:01AM ET

Tap into PHP and LDAP authentication for
UNIX/Windows platforms

Tap into PHP and LDAP authentication for
UNIX/Windows platforms 01/11/2003 02:05 AM
CNET Jan 11 2003 1:27AM ET

SSH Authentication: A Basic Overview

SSH Authentication: A Basic Overview 08/11/2004 01:50 PM

Writing a Basic Authentication System in
PHP

Writing a Basic Authentication System in
PHP 12/24/2004 01:03 PM
An authentication system allows certain online material to be accessible only to a select few. This tutorial illustrates the basic construction of an authentication system using PHP.

Is biometrics the best solution to
replace password authentication?

Is biometrics the best solution to
replace password authentication? 02/01/2005 08:19 PM
Biometrics. It's a topic I come back to periodically and enthusiastically. Most pundits, gurus and analysts agree that passwords as a method of authenticating people are not at all secure and need to be replaced. Many feel that a biometric authentication - via fingerprint, retina scan, voiceprint, or even DNA - represents the ne plus ultra of authentication methods. Still, there are quite a few people who argue that using biometrics is like placing all your eggs in one basket - what happens when the basket breaks, what happens when the biometric system is compromised?

Password aging can weaken an already
burdened authentication method

Password aging can weaken an already
burdened authentication method 04/05/2005 09:23 PM
Computer Weekly Apr 6 2005 12:18AM GMT

Mailworks User Authentication Bypass
Vulnerability

Mailworks User Authentication Bypass
Vulnerability 09/07/2004 01:32 AM

Direct and Related Links for 'Mailworks User Authentication Bypass Vulnerability'

“CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote Paul Craig has reported a vulnerability in Mailworks, which can be exploited by malicious people to bypass the user authentication. The problem is that the application doesn’t verify if a user is logged on. It merely checks if a cookie with the appropriate “uId” and “auth” parameters is set. Successful exploitation allows a malicious person to log on as any user. SOLUTION: The vendor has reportedly…

Hardening Linux authentication and user
identity

Hardening Linux authentication and user
identity 09/23/2004 10:56 AM

LinPHA User Authentication Bypass
Vulnerability

LinPHA User Authentication Bypass
Vulnerability 08/01/2004 11:45 AM

Direct and Related Links for 'LinPHA User Authentication Bypass Vulnerability'

“Description: Fernando Quintero has reported a vulnerability in LinPHA, which can be exploited by malicious people to conduct SQL injection attacks….The vulnerability has been reported in version 0.9.4. Other versions may also be affected. Solution: A fix is available in the CVS repository.”…

NewsForge: Hardening Linux
Authentication and User Identity

NewsForge: Hardening Linux
Authentication and User Identity 09/24/2004 01:43 PM

[waraxe-2004-SA#017 - User-level
authentication bypass in phpnuke
6.x-7.2]

[waraxe-2004-SA#017 - User-level
authentication bypass in phpnuke
6.x-7.2] 04/12/2004 04:55 PM
Janek Vind (Apr 12 2004)

Convert 10.3x LDAP database to UNIX
passwd file

Convert 10.3x LDAP database to UNIX
passwd file 08/02/2004 01:58 PM
I have just completed my first really challenging (for me) UNIX shell script and I'm quite proud of myself. I run the Mac section of a very cross-platform lab at an art school in New York. We have all the Macs using network h...

Communication Machinery Corporation
Introduces World’s Only Multi-Station
Performance and Load Test System For
Wi-Fi Protected Access (WPA) Enterprise
and Personal Implementations With Full
802.1x Authentication

Communication Machinery Corporation
Introduces World’s Only Multi-Station
Performance and Load Test System For
Wi-Fi Protected Access (WPA) Enterprise
and Personal Implementations With Full
802.1x Authentication 12/19/2004 03:32 PM
CMC sets new standards in WPA Enabled Wi-Fi testing with the industry’s only system to provide multi-station testing, using virtual stations (vSTA™) with configurable MAC, IP addresses, that send and receive data traffic across the wireless link. [PRWEB Dec 15, 2004]

CGI-Auth-Basic-1.01

CGI-Auth-Basic-1.01 08/31/2004 09:39 AM

Codewalkers.com: Writing a Basic Auth
System

Codewalkers.com: Writing a Basic Auth
System 12/27/2004 09:08 AM
Codewalkers.com has a new tutorial posted today for all of you out there looking to make an authentication system with PHP.

Net-DAAP-Client-Auth-0.01

Net-DAAP-Client-Auth-0.01 04/30/2004 05:57 PM

Net-DAAP-Client-Auth-0.12

Net-DAAP-Client-Auth-0.12 05/17/2004 06:04 PM

Net-DAAP-Client-Auth-1.21

Net-DAAP-Client-Auth-1.21 07/26/2004 05:47 PM

Net-DAAP-Client-Auth-0.13

Net-DAAP-Client-Auth-0.13 06/16/2004 06:05 PM

SSH RSA/DSA authentication via the GUI

SSH RSA/DSA authentication via the GUI 12/16/2003 11:18 AM
As a UNIX system admin, I have about 40 servers that I need to access via SSH. I recently retired my good old first gen PowerBook g3 and bought myself a new pbook, which was my first experience with OS X (panther). I was thr...

Trackback authentication

Trackback authentication 03/06/2004 02:09 AM

Jacques Distler: The anonymous nature of the internet makes the problem of “identity” a hard one. In physics, when we encounter an intractably-hard problem, our most frequent dodge is to redefine the problem to one which admits a solution, and hope that the result is a “good-enough” stand-in for the original problem. In that spirit, I (re)defined the problem as reliably associating comments posted with the websites of the commenters.

Just a suggestion: a lesser, but very much related and much more tractable, problem is trackbacks.  The reason why it is more tractable is that the trackbacks are issued by software which could reasonably be expected to have direct access to your weblog's private keys.  This could make signing totally automatic - simply check a box once, and your template could be updated and all future trackbacks would be automatically signed.

The signatures could be passed as a new CGI parameter or as a HTTP header.  Neither would likely affect any existing software that wasn't expecting this information.

Once trackback signing is widely enough adopted, people may feel comfortable turning off the ability to accept unsigned trackbacks.  And then much of the infrastructure will be in place to tackle the harder, and more important problem, of comment signing.

The key nut to crack there is to make it easy and painless to sign a comment.

Delegated Authentication

Delegated Authentication 06/17/2005 07:10 PM

Delegated authentication differs from federated authentication model in that the authentication authority delegates authentication yet again. It's a double-sided star system where the authentication authorities sits in the middle acting as a directory of sort.

Delegated authentication model is not appropriate for weak authentication uses. So I doubt we'll see banks pushing customers to some federated authentication authority whenever they click on the sign-in button. Where it makes sense is protecting high-value transactions with strong and/or multi-party multi-factor authentication.

As cryptic as what I wrote above may sound, the net effect is that a) consumers will be able to buy their favorite secure token at Fry's and use it to protect their bank account without worrying about whether the bank supports the device or not, b) banks of all sizes will be able to support a wide range of authentication methods cheaply, and c) strong authentication vendors will be able to market their products and services directly to consumers.

The biggest hurdle for delegated authentication is that the cost of fraud risk have already become part of the balance sheet. Risk exposure is aggregated and taxed horizontally so that finanical risk is shared as part of operating cost. The net result is that individual customers face minimal financial risk which leaves them little incentives to be interested in strong authentication unless they are required to use them by their banks.

Authentication >> The Power of Who

Authentication >> The Power of Who 01/06/2005 03:14 PM

The Cloud Allows SIM Authentication

The Cloud Allows SIM Authentication 05/04/2004 02:03 PM
The Cloud customers can now get authenticated using SIM cards: Transat Technologies enables the service. SIM-based authentication is already being used by some hotspots in Europe and is expected to be a widely used authentication method there. Because Europeans use GSM for their cell phone technologies, they are already used to the concept of the SIM card. They can use the same SIM card for their cell phones and for hotspot authentication, which also means they could receive a single bill for both services. Some of the early SIM-based WLAN authentication solutions are pretty rudimentary. They involve the user sending a message from their cell phone to get a code that allows them to access the WLAN. But the more sophisticated solutions include a SIM card reader on a laptop. The SIM card authenticates the user but also applies encryption and security to the communication between the client and the network. That is likely the offering Transat is delivering for The Cloud. At the CTIA Wireless I.T. show last fall I talked to a handful of companies that are touting SIM-based authentication tools, including some of the big SIM card makers. While they're looking for a U.S. market, most weren't terribly bullish that the authentication method would take off here because people aren't widely used to the concept of using SIM cards. Even GSM users in the U.S. don't often realize that they have a SIM card....

Atom Authentication

Atom Authentication 12/17/2003 07:19 PM
Mark Pilgrim explains why the Atom developers are using a new kind of authentication scheme, and he explains why it's necessary.

The cost of authentication

The cost of authentication 06/18/2004 04:52 AM
Last issue we talked about two-factor authentication and I described such a scheme used by a Swedish bank (see link below). The bank requires a user to enter a unique identifier - a national ID number, similar to a U.S. Social Security number, a four digit PIN, and a one-time code that's revealed by scratching off the covering on one cell of a 50-cell card (similar to a scratch-off lottery ticket). I then posed the question: "Is that secure enough?" which can only, I believe, can be answered: "It depends."

Maypole-Authentication-Abstract-0.6

Maypole-Authentication-Abstract-0.6 09/01/2004 12:11 AM

SecurID authentication for OpenSSH 3.9p1

SecurID authentication for OpenSSH 3.9p1 09/01/2004 01:37 PM
A SecurID authentication method for OpenSSH.

Tap Java HTTP authentication

Tap Java HTTP authentication 09/30/2002 11:07 PM
CNET Sep 30 2002 10:01PM ET

Instant authentication against an existing web application

The following phrases have been identified by the grok system as matching this entry: web application perl authentication ldap php links includes else main page get getfile eap-fast client freeware database backup failed mysqldump failed webmin as400 ldap authentication using php "feed readers" for password protected rss dadabik add user "basic authentication"axishandler php pear auth file sample auth constructor