user authentication interface in python

[Peter Hansen]

scn wrote:
> 
> hello.  does anyone have a high-level example of how to implement
> 'secure' user authentication interface for web users in python.
> 
> i am in the process of designing a simple web application that
> requires user authentication and i remembered that php typically held
> system authentication information in a separate file and included this
> file in the main interface script.

How secure do you need it?  Will this be processing any financial
information, or critical private information of individuals, or
merely passwords for access to a non-critical system?

The only options you probably have for "real" security is SSL
(like when you are paying with a credit card and hit an https://
page instead of an http:// one), or using IPSec to establish
secure channels to your server.

If you want lesser security, you should probably give more detail
about the level you want.  You can do anything from protecting
against casual attacks (e.g. using the Basic Auth feature of HTTP),
right up to encryption with certificates to verify keys, with SSL.

Finally, if you know exactly how the PHP stuff worked, and just want 
the same level of security, what's stopping you from doing the same
thing with Python?

-Peter