passwords to CGI

Paul Rubin phr-n2002b at NOSPAMnightsong.com
Wed Jan 15 04:08:39 EST 2003


Erik Max Francis <max at alcyone.com> writes:
> I've done similar things, and it's usually sufficient if you're not too
> worried about people compromising each other's accounts.  You should
> also include the remote host in generating the ID, so that someone can't
> sniff it remotely and then use it from another host (while the ID is
> still active). 

You can't count on the remote host staying the same between http hits,
even from the same client, because some proxy servers can switch IP
addresses out from under you between hits.  That happens with AOL
users, for example.
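The trade-off discussed in this thread, as an added example that is not part of the original post: a session ID whose HMAC tag covers the remote host is rejected as soon as a proxy pool changes the client's apparent address, while an unbound ID keeps validating. The function names, the token layout and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-process secret key

def _tag(nonce, user, remote_host):
    # The tag covers the nonce, the user and (optionally) the remote host.
    msg = "\x00".join([nonce, user, remote_host or ""]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_session_id(user, remote_host=None):
    """Return 'nonce.tag'; pass remote_host to bind the ID to that address."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _tag(nonce, user, remote_host)

def check_session_id(session_id, user, remote_host=None):
    """Recompute the tag for this hit and compare in constant time."""
    nonce, _, tag = session_id.partition(".")
    expected = _tag(nonce, user, remote_host)
    return hmac.compare_digest(tag.encode(), expected.encode())

def replay(session_id, user, hits, bind_host):
    """Validate one session ID on each successive hit; list of accept/reject."""
    return [check_session_id(session_id, user, h if bind_host else None)
            for h in hits]

# Constructed sample: one browser behind a proxy pool, so the address the
# server sees changes between hits (RFC 5737 documentation addresses).
PROXY_HITS = ["192.0.2.10", "192.0.2.11", "192.0.2.10", "192.0.2.12"]

def demo():
    bound = issue_session_id("alice", PROXY_HITS[0])
    unbound = issue_session_id("alice")
    return {
        "host_bound": replay(bound, "alice", PROXY_HITS, bind_host=True),
        "unbound": replay(unbound, "alice", PROXY_HITS, bind_host=False),
    }

if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

The host-bound ID fails on every hit that arrives from a different proxy address, which to the user looks like being logged out at random.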

