passwords to CGI
Erik Max Francis
max at alcyone.com
Tue Jan 14 06:26:18 EST 2003
Paul Rubin wrote:
> You should stop looking for kludgy workarounds and fix whatever is
> wrong with POST. POST is the right way to deal with this type of
> thing.
> Otherwise the password appears not only in the browser but also in
> the server http log.
Ultimately the password is flying around the Internet in plaintext.
This is simply not acceptable for many applications. The proper,
complete solution is HTTP over SSL.
> Alternatively, instead of submitting a password to a cgi, use HTTP
> Basic authentication. That lowers your UI flexibility a little bit,
> but makes the server side programming a little simpler.
HTTP authentication still has passwords flying around in plaintext,
however.
--
Erik Max Francis / max at alcyone.com / http://www.alcyone.com/max/
__ San Jose, CA, USA / 37 20 N 121 53 W / &tSftDotIotE
/ \ You must surely know / If man made Heaven, then man made Hell
\__/ Level 42
Polly Wanna Cracka? / http://www.pollywannacracka.com/
The Internet resource for interracial relationships.
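An added illustration, not part of the original post: the three ways of submitting a password discussed in the thread, sent over plain HTTP, with a check of where each leaves the password readable. The requests, host name, field names and the exposure() helper are constructed for this example.

```python
import base64
from urllib.parse import parse_qs, urlsplit

# Constructed sample requests (user "alice", password "s3cret"), as sent without SSL.
SAMPLES = {
    "get": b"GET /login.cgi?user=alice&password=s3cret HTTP/1.0\r\n"
           b"Host: example.test\r\n\r\n",
    "post": b"POST /login.cgi HTTP/1.0\r\nHost: example.test\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: 26\r\n\r\nuser=alice&password=s3cret",
    "basic": b"GET /private/ HTTP/1.0\r\nHost: example.test\r\n"
             b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n",
}


def exposure(raw: bytes) -> dict:
    """Report where the password in a cleartext HTTP request can be read."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    found = {"access_log": None, "wire": None}

    # The request line is what a common-format access log records verbatim.
    target = lines[0].split(" ")[1]
    query = parse_qs(urlsplit(target).query)
    if "password" in query:
        found["access_log"] = found["wire"] = query["password"][0]

    # A form body is not in the access log, but it crosses the network as-is.
    form = parse_qs(body.decode("latin-1"))
    if "password" in form:
        found["wire"] = form["password"][0]

    # Basic auth is base64("user:password"): an encoding, reversible without a key.
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        found["wire"] = base64.b64decode(cred).decode("latin-1").partition(":")[2]
    return found


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, exposure(raw))
```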