passwords to CGI
Paul Rubin
phr-n2002b at NOSPAMnightsong.com
Tue Jan 14 21:31:09 EST 2003
Erik Max Francis <max at alcyone.com> writes:
> True, but many of those conversations don't involve private information.
> Some do. We're specifically talking about a "conversation" that
> involves private information, i.e. passwords.
A heck of a lot of sites use passwords for stuff that isn't that
private, e.g. for Slashdot preferences and stuff like that. They
almost never use SSL.
A typical strategy for users is to have a not-terribly-secret password
that you use for low-confidentiality stuff like web BBS's, and
possibly some more secure passwords for stuff like online banking.
Anyway, without knowing what kind of site we're talking about, it
doesn't make sense to say SSL is worthwhile.
More information about the Python-list
mailing list