R help - Feb 2008 - passing username and password to source()

Please, is it possible to pass an username and a password to source() to 
access code stored in restricted access web server?

I know I can use commands like...

 >
source("http://mire.environmentalchange.net/~webmaster/R/3Dsurface.r")

but I am not able to find if it is possible to pass authorization 
parameters together with the link.

Thanks you for your help,

Ricardo

-- 
Ricardo Rodr?guez
Your XEN ICT Team

Peter McMahan wrote:
> try something like this:
>     username <- "abc"
>     pass <- "123"
>     
>
source(paste("http://",username,":",pass,"@mire.environmentalchange.net/~webmaster/R/3Dsurface.r",sep=""))
>
> I'm not sure it'll work but it's worth a try. 
Thanks, Peter. It didn't work. I am guessing it depends in any way on 
the server this will work or won't work, doesn't it? Have you tried an 
http URL passing username and password with any public server I could 
try with? I've used this syntax with ftp sites, but never with http 
servers. I've tried here with several of the servers I've available and 
none of them seems to accept this syntax.

Thanks for your help,

Ricardo

-- 
Ricardo Rodr?guez
Your XEN ICT Team

[Ricardo Rodriguez] Your XEN ICT Team <webmaster <at> xen.net>
writes:
> Please, is it possible to pass an username and a password to source() to 
> access code stored in restricted access web server?
> 
> I know I can use commands like...
> 
>  >
source("http://mire.environmentalchange.net/~webmaster/R/3Dsurface.r")
> 
> but I am not able to find if it is possible to pass authorization 
> parameters together with the link.
One way to handle this is to use Sys.setenv/Sys.getenv to pass parameters by
environment. Make sure, however, that this does not violate security, because
these parameter could be read by other programs. A quick workaround would be
that the receiving program immediately deletes the environment string, after
having read it.

Dieter

Dieter Menne wrote:
> One way to handle this is to use Sys.setenv/Sys.getenv to pass parameters
by
> environment. Make sure, however, that this does not violate security,
because
> these parameter could be read by other programs. A quick workaround would
be
> that the receiving program immediately deletes the environment string,
after
> having read it.
>
> Dieter
Thanks Dieter.

But considering I am just newbie, could you point me to any example to 
get this working? Thanks!

All the best,

Ricardo

-- 
Ricardo Rodr?guez
Your XEN ICT Team

Phil Spector wrote:
> Ricardo -
>     The authentication can't be done through environmental variables --
> the only way is to send an Authorization header.   I believe the 
> environmental variables that Dieter is thinking of are the ones that
> are created on the server side based on the headers that the user
> agent sends.
>                                                       - Phil 
Hi Phil,

If I've well understood what you and the other colleagues have said is 
that whatever the method to write the authorization header I use, it is 
the only way of accessing programmatically my server.

I've installed Live HTTP headers, but I am still far from understanding 
all the messages in its window.

Please, could you point me in the right direction to learn what must I 
look for in Live HTTP headers log? Any example?

Thank you so much,

Ricardo

-- 
Ricardo Rodr?guez
Your XEN ICT Team

Phil Spector wrote:
> Ricardo -
>    If you use cat to look at the variable "request" in the
getauth
> function that I sent you previously, you'll see exactly what I'm 
> saying to the server.  It's something like this:
>
> GET /myfile.txt HTTP/1.1
> Host: mycomputer.com
> Authorization: Basic dXNlcjpwYXNzAA=>
>    If you go to http://user:pass at mycomputer.com/myfile.txt in Firefox
> with Live HTTP headers, and look for the transaction that had the 
> Authorization header, you'll see lines like the ones above, along with
> some others.  Presumably, it's one of those other headers that's
> preventing the program from working.  For example, if you see a 
> "Cookie" header, then, in addition to authorization, a cookie
might
> be needed.  You can try copying some of the headers that you see in
> the Live HTTP headers output into the "request" variable in
getauth.
It is certainly a matter of cookies. It seems to me. You have already 
receive an account for the concerned site, but let me keep this thread 
posted for further reference and see what others think.

By using Firefox Live HTTP headers I've found this one that seems to 
content the string sending username and password to the server...

----------------------------------------------------------
http://MyHostName/xwiki/bin/loginsubmit/XWiki/XWikiLogin

POST /xwiki/bin/loginsubmit/XWiki/XWikiLogin HTTP/1.1
Host: MyHostName
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; 
rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en,en-us;q=0.7,es-es;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: UTF-8,*
Keep-Alive: 300
Connection: keep-alive
Referer: 
http://MyHostName/xwiki/bin/login/XWiki/XWikiLogin?xredirect=http%3A%2F%2FMyHostName%2Fxwiki%2Fbin%2Fview%2FMain%2F
Cookie: JSESSIONID=A89FBB1701789DE208FFDBD732E9EFFD; style=default
Content-Type: application/x-www-form-urlencoded
Content-Length: 146
xredirect=http%3A%2F%2FMyHostName%2Fxwiki%2Fbin%2Fview%2FMain%2F&j_username=xxxxxxxxx&j_password=xxxxxxxxx&j_rememberme=true
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: username=xxxxxxxxx==; Expires=Sun, 02-Mar-2008 11:26:15 GMT; 
Path=/
Set-Cookie: password=xxxxxxxxx==; Expires=Sun, 02-Mar-2008 11:26:15 GMT; 
Path=/
Set-Cookie: rememberme=true; Expires=Sun, 02-Mar-2008 11:26:15 GMT; Path=/
Set-Cookie: validation=2ea9cbeb40bdafc8314b50f18b440e30; Expires=Sun, 
02-Mar-2008 11:26:15 GMT; Path=/
Location: http://MyHostName/xwiki/bin/view/Main/
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 0
Date: Sat, 16 Feb 2008 11:26:15 GMT
----------------------------------------------------------

I've replaced username and password values with xxxxxxxxx and the real 
hostname with MyHostName.

In xredirect I can easily identify : as %3A and / as %2F. But, is it 
possible to pass the string &j_ in an "regular" URL? Or must I
pass also
the Set-Cookie values with the getauth function? I've been playing for a 
while with this function, but no results so far.

Thanks for your help!

Ricardo

-- 
Ricardo Rodr?guez
Your XEN ICT Team