CGI question: safe passwords possible?
Will Stuyvesant
hwlgw at hotmail.com
Sun Jun 1 06:35:17 EDT 2003
I would like to thank you all for filling up some vacuums in my
knowledge!
I was already experimenting with httplib and urllib2 modules to see if
I can do HTTP Digest authentication but this is all very cumbersome
and not compatible among hosts (as far as I understand). But my
conclusion is so much simpler that all this! If you really want
security, use HTTPS. That is HTTP over a SSL connection (one of the
many things I did not know). Just let your host turn your whole site
into HTTPS and then you are secure. The *great* advantage is that you
do not have to change a single line of code in your prototype that
works with plain HTTP. That one has "user" and "password" fiels that
are sent in the open, but who cares? It's only a prototype. If there
is real money involved get HTTPS.
Simple, nice, elegant.
Am I right? Is it true, the part about not having to change your HTML
and CGI code? Well, except for some URLs in them maybe, but they
could be stored in a separate configuration file. I mean, you maybe
have to change things like http://yourhost/yourloginpage.html to
http://yourhost/yourloginpage.shtml or something?
Anyway, thanks again. This made my work a lot simpler!
--
One of the great skills in using any language is knowing
what not to use, what not to say. ... There's that
simplicity thing again.
-- Ron Jeffries
More information about the Python-list
mailing list