Generating Unique Keys
Paul Rubin
phr-n2003b at NOSPAMnightsong.com
Sat Jan 25 18:16:06 EST 2003
Mongryong <Mongryong at sympatico.ca> writes:
> > Even with a 'randomly' generated session key, a malicious user can still
> > steal the session key of a active user. Is there an algorithm or
> > solution to this security risk?
>
> Well, I guess encryption (HTTPS) is the best answer. Is it the only
> answer?
Pretty much so, if you're worried about someone intercepting your IP
traffic. Usually it's only worth doing that if you're moving
confidential info (financial, email, etc.) over the web connection.
More information about the Python-list
mailing list