Meine Güte, was für'n Blah!
- 2019-05-08
- [*]
PassList
Purpose
Sometimes there is a need to password-protect your web-server, either in whole or just some parts of it. That’s were this little package comes in. It offers to simply integrate the popular BasicAuth mechanism into your own web-server.
Note: To be on the safe side your web-server should use
HTTPS
instead of plain oldHTTP
to avoid the chance of someone eavesdropping on the username/password transmission.Installation
You can use
Go
to install this package for you:go get -u github.com/mwat56/passlist
Usage
PassList
provides an easy way to handle HTTP Basic Authentication by simply calling the package’sWrap()
function and implementing theTAuthDecider
interface which only requires the single function or methodNeedAuthentication(aRequest *http.Request) bool
That function may decide on whatever means necessary whether to grant access (returning
true
) or deny it (returningfalse
).For your ease there are two
TAuthDecider
implementations provided:TAuthSkipper
(which generally returnsfalse
) andTAuthSkipper
(which generally returnstrue
). Just instantiate one of those – or, of course, your own implementation – and pass it to theWrap()
function.func Wrap(aHandler http.Handler, aRealm, aPasswdFile string, aAuthDecider TAuthDecider) http.Handler
The arguments mean:
aHandler
: the HTTP handler you implemented for your web-server; you will use the return value ofWrap()
after you called this function.aRealm
: the name of the host/domain to protect (this can be any string you like); it will be shown by most browsers when the username/password is requested.aPasswdFile
: the name of the password file that holds all the username/password pairs to use when authentication is actually required.aAuthDecider
: the deciding function we talked about above.
So, in short: implement the
TAuthDecider
interface and callpasslist.Wrap(…)
, and you’re done.However, the package provides a
TPassList
class with methods to work with a username/password list. It’s fairly well documented, so it shouldn’t be too hard to use it on your own if you don’t like the automatic handling provided byWrap()
. You can create a new instance by either callingpasslist.LoadPasswords(aFilename string)
(which, as its name says, tries to load the given password file at once), or you callpasslist.NewList(aFilename string)
(which leaves it to you when to actually read the password file by calling theTPassList
object’sLoad()
method).There’s an additional convenience function called
passlist.Deny()
which sends an “Unauthorised” notice to the remote host in case the remote user couldn’t be authenticated; this function is called internally whenever yourTAuthDecider
required authentication and wasn’t given valid credentials from the remote user.To further improve the safety of the passwords they are peppered before hashing and storing them. The default pepper value can be read by calling
pepper := passlist.Pepper()
And the pepper value can be changed by calling
myPepper := "This is my common 'pepper' value for the user passwords" passlist.SetPepper(myPepper)
Note: Changing the pepper value after storing user/password pairs will invalidate all existing userlist entries!
Please refer to the source code documentation for further details ot the
TPassList
class.In the package’s
cmd/
folder you’ll find thepwaccess.go
program which implements the maintenance of password files with the following options:-add string <username> name of the user to add to the file (prompting for the password) -chk string <username> name of the user whose pass to check (prompting for the password) -del string <username> name of the user to remove from the file -file string <filename> name of the passwordfile to use (default "pwaccess.db") -lst list all current usernames from the list -q whether to be quiet or not (suppress screen output) -upd string <username> name of the user to update in the file (prompting for the password)
Password list
This library provides a couple of functions you can use in your own program to maintain your own password list without having to use the
TPassList
class directly.AddUser(aUser, aFilename string)
reads a password foraUser
from the commandline and adds it toaFilename
.CheckUser(aUser, aFilename string)
reads a password foraUser
from the commandline and compares it with the one stored inaFilename
.DeleteUser(aUser, aFilename string)
removes the entry foraUser
from the password list stored inaFilename
.ListUsers(aFilename string)
readsaFilename
and lists all users stored in that file.UpdateUser(aUser, aFilename string)
reads a password foraUser
from the commandline and updates the entry in the password list inaFilename
.
Note: All these functions do not return to the caller but terminate the respective program with error code
0
(zero) if successful, or1
(one) otherwise.Libraries
The following external libraries were used building
PassList
:Licence
Copyright © 2019, 2020 M.Watermann, 10247 Berlin, Germany All rights reserved EMail : <support@mwat.de>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You should have received a copy of the GNU General Public License along with this program. If not, see the GNU General Public License for details.
1834 Artikel
504 Hashtags
714 Erwähnungen
#5g #abmahnung #abortion #abuse #advertising #agriculture #ai #air #alcohol #alexander_fleming #algorithm #ambroise_paré #anatomy #andreas_vesalius #anesthesia #animal_husbandry #anonymity #anopensecret #antisemitism #antizionism #apartheid #archive #artikel13 #assault #astronomy #asylum #austerity #authoritarians #autogynephilia #aviation #backdoor #banks #becourageus #bidenerasedwomen #biology #biometrics #bitcoin #blacklivesmatter #blackpantherisaltright #blockchain #border #boristhebutcher #bosnia #boycott #brain #brexit #buddhism #bundesdatenschutzgesetz #burstiness #bürgerversicherung #caa #canada #cancel_culture #cancer #cannabis #capitalism #carbon #cat #causality #causalitydilemma #censorship #census #ceta #charger #chatgpt #children #christianity #church #civil_disobedience #civil_rights #climate_change #cloud #co2 #coal #commerce #communication #communism #computer #conspiracy #copyright #corona #corruption #crime #cross #cryptoleaks #culture #dalit #data_protection #death #deepfake #defamation #democracy #detransition #devops #diasporastudies #dictionary #digitisation #dioscorides #discrimination #diseases #diversity #diy #dmca #docker #drm #drones #drugs #dsgvo #döner #ebooks #eccentricity #echo_chamber #ecology #ecommerce #economy #education #edward_jenner #egypt #eikonal #election #email #eme #emotions #encryption #energy #equality #erasistratus #espionage #ethics #evolution #experimentation #extremism #facial_recognition #fake_news #fascism #fbgc #fbpe #femicide #feminism #file_sharing #filibuster #filterbubble #fingerprints #fire #fisa #fish #food #football #footnotes #forest #fracking #fraud #free_speech #free_tibet #freedom #freedomofexpression #fridays-for-future #future #galen #galileo_galilei #gambling #gay #gdpr #gender #genderwoowoo #genetics #genitalia #genocide #germany #getstonewalloutofourinstitutions #git #github #glyphosat #gnu #go #golang #gratitude #greece #greed #grundeinkommen #grundgesetz #gutachten #hacker #hacking #harassment #hashtag #hashtags #hate #headphone #health #healthcare #herophilus #hindi #hindu #hippocrates #history #holocaust #homophobia #homosexuality #honour #human_genome_project #human_rights #hygiene #ice #identity #ideology #illness #imhotep #immunity #impeachment #imperialism #imsi-catcher #inclusiveness #independence #india #indien #industrialisation #industry #infection #influenza #infowar #infrastructure #intelligence #interdependence #internet #intersex #iot #iran #isaac_newton #islamophobia #isp #israelipalestinianconflict #istandwithjkrowling #istandwithkeirabell #istandwithmaya #italia #italy #james_young_simpson #javascript #jealousy #jewishethics #jewishhistory #jewishidentity #jewishscholars #jews #johannes_kepler #jornalism #joseph_lister #journalism #justice #keepiton #knowledge #kohleausstieg #labour #language #lgb #lgballiance #liability #liberty #library #licence #lifegetsbetter #linguistics #literature #lobbyism #love #maaslos #marijuana #markdown #marketplaces #marriage #masturbation #meat #media #medicaid #medicine #men #mental-health #metadata #metaphysics #metoo #mietpreisbremse #migration #military #minderheitsregierung #mindset #mining #misogyny #missiles #mobbing #mobile_phone #money #motivation #movies #murder #music #muslim #mussels #mutilation #nacktimnetz #narendra_modi #nationalism #nazis #net_neutrality #netherlands #netzdg #neurodiversity #new_zealand #newspapers #niewiedercdu #nlp #nobel_prize #nuclear_weapons #nürnberg #obamacare #observation #obsession #occupation #oil #open_source #openai #oppression #organspende #paedophiles #pandemic #paris_agreement #parliament #parteispenden #password #patent #paternalism #pc #peace #pension #perception #perplexity #personaldevelopment #pharma #philosophy #phishing #phone #physics #physiology #pigs #piracy #poem #police #politicalphilosophy #pollution #populism #pornography #poverty #prison #privacy #privacy_shield #privatisation #programmers #programming #prompt #prompts #propaganda #prostitution #protest #psychiatry #psychology #puberty_blocker #putsch #quicksilver #racism #rain #rain-forest #rape #readme #reality #recycling #refugees #regime_change #relationships #religion #religiousdebate #renaissance #rent #reportit #repression #research #rigaer94 #righttoknow #riots #robot #roma #rome #router #safety #sanctions #sand #satire #saveourinternet #scandals #schufa #science #scifi #sea_weed #secrecy #secularism #security #selbstbestimmungsgesetz #selfid #selfimprovement #sex #sexism #sexuality #sjw #smartphone #smoke #snowflakes #social-media #social_media #software #solar_panel #solidarity #soy #space #spam #sports #staatstrojaner #sterilisation #stgb #stophateforprofit #streisand-effekt #strike #subsidies #sugar #suicide #supremacy #surgery #surveiilance #surveillance #tagname #tanks #tax #technology #telegram #tents #terror #terrorism #thisisnotadrill #tobacco #tolerance #tomato #torture #tq #tracing #tracking #trade #traffic #transgender #transparency #transsexual #trees #trojan_horse #truth #ttip #tuberculosis #tv #twitter #uncertainty #uploadfilter #vaccination #vaccines #victim #video #violence #volkstrojaner #vorratsdatenspeicherung #voting #wall #war #waronwomen #waste #water #watergate #wealth #weapons #weather #whistleblower #white_house #who #wifi #william_harvey #william_thomas_green_morton #wind #wokeness #women #wordstar #writing #www #zensur #zensur-behörden #zensur-maßnahmen #zensurheberrecht #zeppelin #zionism #§218 #§219 @aadhaar @aakashhassan @abigail_shrier @aclu @adl @adolf_eichmann @adolf_hitler @afd @afghanistan @africa @alain_de_botton @albania @alessandro_strumia @alex_jones @alexa @alexandria_ocasio-cortez @alice-salomon-hochschule @alice_schwarzer @alice_weidel @alliancelgb @allie_funk @allison_bailey @alphago @amanda_tapping @amazon @amnesty_international @andrea_voßhoff @andreas_scheuer @android @angela_davis @angela_merkel @anis_amri @anke_ehrhardt @antifa @antoni_comín @anyabike @aol @apple @ard @area @aserbaidschan @asia @assam @att @attac @attila_hildmann @augusto_pinochet @australia @austria @axel_voss @ayodhya @bahrain @balochistan @bangladesh @barack_obama @barcelona @barereality @barry_reay @basel @bavaria @bayer @bbc @beatles @beijing @belarus @berlin @bernie_sanders @betsy_reed @bettina_gaber @betty_steiner @bgh @bill_clinton @bill_gates @bill_oreilly @bitcoin @bjp @bjportraits @bka @blokada @bmw @bnd @bob_murray @bodo_ramelow @bolivia @bollywood @boris_johnson @boris_yeltsin @botswana @brasilia @brazil @brazil's @bsi @buchbinder @bulgaria @bundesfinanzhof @bundestag @bverfg @caityjohnstone @california @cambridge @cambridge_analytica @cameroon @campact @canada @canada's @cargill @carles_puigdemont @carola_rackete @catalonia @cathy_newman @ccc @cdu @charles_ihlenfeld @charles_stross @charlize_theron @chelsea_manning @chemnitz @chennai @christa_peterson @christian_lindner @christine_lambrecht @christoph_heusgen @cia @cia’s @cisco @claus_schenk_graf_von_stauffenberg @clearview @clinton_foundation @coca-cola @columbia @cornelsen @cory_doctorow @costa_rica @croatia @crypto_ag @csu @cuba @dachau @daimler @dalai_lama @dale_o'leary @dan_gillmor @daniel_suarez @darknet @darwin @david_bell @david_cameron @dbd @debra_soh @defectivebydesign @delhi @deniz_yücel @denmark @dentons @deutsche_bahn @deutsche_bank @deutsche_wohnen @dexter @dfb @dgb @dhs @die_linke @die_partei @digitalcourage @dilay_banu_büyükavci @dirgegirl @disney @docstockk @dominic_cummings @donald_trump @donna_hughes @douma @dr_em @drbiden @dreamhost @dresden @drummond_pike @duckduckgo @düsseldorf @ecosia @ecuador @eddie_izzard @edinburghuni @edward_snowden @edward_w_felten @eff @egypt @einar_wegener @ellen_page @elmar_brok @elon_musk’s @elsevier @emmanuel_macron @eritrea @erwin_schrödinger @ethiopia @eu @eugen_gomringer @europe @europeancommission @evo_morales @ezb @facebook @fairplaywomen @fbi @fcc @fdp @fefe @fff @finfisher @finland @firefox @florida @focus @fondofbeetles @forwomenscot @fox_news @frag_den_staat @france @frank-walter_steinmeier @frank_rieger @franz_josef_strauß @françois_hollande @friedrich_merz @frontex @fsf @ftp @g20 @gaby_weber @gchq @gender @george_floyd @george_orwell @george_osborn @george_soros @george_takei @george_w_bush @germaine_greer @germany @gff @ggreenwald @ghana @gids @gimp @gina_rippon @github @glastonbury @glenn_greenwald @god @google @google’s @great_britain @greece @greenpeace @greta_thunberg @groko @grüne @guardian @guinness @gurbanguly_berdimuhamedov @göttingen @günther_oettinger @haiti @halle @hamburg @hannah_arendt @hans-christian_ströbele @hans-georg_maaßen @hans-peter_uhl @harry_benjamin @harvard's @heiko_maas @helensteel12 @helsinki @her @hermann_otto_solms @hillary_clinton @hjoycegender @hohenzollern @honduras @hong_kong @hongkong @horst_seehofer @huawei @hubertus_heil @hungary @ican @iceland @idad @ietf @iglyo @ikea @immunity @imran_khan @india @intercept @internet_archive @ipcc @iran @iraq @ireland @isaac_asimov @israel @istandwithher1 @italy @iwf @jacob_appelbaum @jacob_rees-mogg @jair_bolsonaro @james_comey @james_damore @james_flynn @jan_kalbitzer @jane_philpott @janice_raymond @japan @jared_kushner @jawaharlal_nehru @jean_luc_melenchon @jeff_bezos @jeff_sessions @jennifer_pritzker @jens_spahn @jeremy_corbyn @jeremy_hunt @jesse_williams @jessica12uk @jimmy_kimmel @jitsi @jk_rowling @jo_bartosch @jody_wilson-raybould @joe_biden @joe_rogan @john_le_carré @john_money @john_oliver @john_oliver's @jon_stryker @jonathan_pie @jonathan_pie's @jordan_peterson @jordanbpeterson @joseph_fischer @juan_guaido @judith_butler @julian_assange @julian_assange’s @justin_trudeau @jutta_ditfurth @kali_linux @kamala_harris @karin_strenz @karl_marx @kaschmir @kashmir @kaspersky @katarina_barley @katharina_nocun @kathleen_stock @kathmurray1 @kazakhstan @ke_jie @keir_starmer @keira_bell @kenneth_zucker @kevin_kühnert @kickstarter @kim_jong-un @kkk @klbfax @kolkata @kristina_hänel @kurds @laura_poitras @lawrence_kubie @lawrence_lessig @lebanon @leipzig @lesbianlabour @lesleysemmens @lili_elbe @lilylilymaynard @linkedin @linus_torvalds @linux @lisa_eckhart @lithium @liverpool @london @lufthansa @lybia @mad @magnus_hirschfeld @mahatma_gandhi @malaysia @malta @margaret_hamilton @margaret_thatcher @margarete_stokowski @marine_le_pen @mark_bonham @mark_hamill @mark_weinstein @mark_zuckerberg @markmair @mars @martin_schulz @martin_sonneborn @martina_navratilova @martine_rothblatt @mathias_döpfner @matteo_salvini @mauramaxwell @max_schrems @maya_forstater @mcleaver @medium @mellibeinhorn @mention @mentionedname @mentions @mermaids @mesut_özil @mewe @mexico @michael_flynn @michel_temer @michigan @microsoft @mike_pence @mike_pompeo @minneapolis @minnesota @mirandanewsom @miroandrej @monsanto @mordor @mosaic @mozilla @muhammadali_jinnah @mumbai @munich @mutilation @mwat @myanmar @narendra_modi @nawaz_sharif @nayantara_sehgal @nestle @netflix @new-delhi @new_york @new_york_times @new_zealand @nextcloud @nga @nhs @nicaragua @nicolas_maduro @nigel_farage @nigeria @nils_melzer @noam_chomsky @norbert_röttgen @north_korea @northern_ireland @norway @nsa @nytimes @ofcom @okbiology @okuna @olaf_scholz @oliver_bierhoff @onelook @opcw @openai @openbook @oriol_junqueras @osaka @oskar_lafontaine @oslo @oxfam @oxford @pakistan @palestine @panama @pankhurstem @paris @parler @passie_kracht @patricia_trimble @patrick_breyer @paul_mchugh @paul_ziemiak @pen @penny_pritzker @pentagon @pepsi @peter_altmaier @peter_handke @peter_ramsauer @peter_schaar @philip_sutton @philipp_amthor @philippines @pimeyes @piraten @pokémon @poland @pope_francis @portland @portugal @posteo @postillon @pr_china @privacyint @profalices @public_domain @puerto_rico @qanon @rachel_levine @raf @rainer_meyer @rainer_wendt @rana_ayyub @ranaayyub @rashmee_kumar @raspberry_pi @ray_blanchard @reality_winner @recep_tayyip_erdoğan @reconquista_internet @reinhard_grindel @renate_künast @rex_tillerson @rezo @rheinmetall @ric_weiland @richard_fitzgibbons @richard_grenell @richard_nixon @ricky_gervais @riot @rob_hoogland @robert-koch-institut @robert_muller @robert_stoller @rodrigo_duterte @romania’s @rose_of_dawn @rote_hilfe @rss @rudolf_henke @rupert_murdoch @russia @ruth_hunt @rüdiger_kruse @saddam_hussein @safoora_zargar @samsung @san_francisco @sappfo @saskia_esken @saudi_arabia @scandinavia @sci-hub @scotland @sean_spicer @sebastian_brehm @sebastian_kurz @seerutkchawla @segmtweets @serbia @shelia_jeffreys @sibiria @sibylle_berg @siemens @sigmar_gabriel @signal @silvio_berlusconi @sina @singapore @siri @sjferguson3 @smh @somalia @sonia_kennebeck @south_africa @south_korea @south_sudan @spain @spd @spezialdemokratie @spiegel @srf @startpage @stellaomalley3 @stern @steve_bannon @steven_pinker @stonewall @strato @sun @sundar_pichai @susan_stryker @suzanne_moore @sweden @swipewright @switzerland @symantec @syria @taiga @taiwan @tajikistan @taliban @tamil_nadu @tampax @tavistock @taz @teamviewer @teatea1337 @telegram @terry_pratchett @thailand @the_economist @the_guardian’s @the_intercept @theresa_may @thierry_breton @thomas_de_maizière @thomas_de_maiziére @thomas_szasz @thomson_reuters_foundation @threema @tiananmen @tibby17 @tibet @tiktok @tim_berners-lee @tim_cook @tim_gill @tinder @tonto_1964 @tony_blair @tor @toronto @transgendertrd @turkey @turkmenistan @twisterfilm @twitter @tönnies @uber @ulla_schmidt @uluru @un @united_internet @uno @ursula_k_le_guin @ursula_von_der_leyen @usa @valentinamedici @vanessa_rodel @varavara_rao @venezuela @venezuela’s @verfassungsschutz @verizon @vietnam @viktor_orban @vladimir_putin @volker_kauder @volkswagen @w3c @wallonia @washington_post @washingtonpost @wau_holland @wdr @welt @whatsapp @who @wikileaks @wikileaks' @wikipedia @william_golding @windows @wire @wirecard @wolf @wolfgang_kubicki @wolfgang_schulz @wolfgang_schäuble @womans_place_uk @womenreadwomen @wpath @wwf @xi_jin_ping @xiaomi @xr @xychelsea @xychelsea's @yanis_varoufakis @yaniv @yemen @yonatanzunger @youtube @yugoslavia @zdf @zoom @zürich @évian