CGI question: safe passwords possible?

Ian Bicking ianb at colorstudy.com
Fri May 30 19:43:53 EDT 2003


On Fri, 2003-05-30 at 17:01, Will Stuyvesant wrote:
> I do CGI programming with Python and I know how to make HTML forms
> with "user" and "password" fields.  But these get sent "in the clear"
> over the internet, somebody told me.  I have no power over the webserver
> (it's in the hands of my service provider and they generally do not
> want to install/change/configure things).  Is there any way to do
> Name+Password safely using just CGI and Python, so only users with a
> valid Name+Password can get access to the next CGI scripts?

Yes, you can have the client hash the password using JavaScript.  You
can find free code for doing MD5 or SHA hashing in JavaScript, and then
use code kind of like:

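<form action="whatever" onSubmit="dohash(this)">
<input type="password" name="password">
<!-- filled in by dohash() just before the form is submitted -->
<input type="hidden" name="password_enc">
<script>
// md5hash() is not defined here; it must come from a separate
// JavaScript MD5 implementation loaded on the page.
function dohash(form) {
  form.elements.password_enc.value =
      md5hash(form.elements.password.value);
  // blank the cleartext field so only the hash is sent
  form.elements.password.value = "";
}
</script>
</form>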

(testing this and finding the md5hash implementation are exercises left
to the user)

  Ian
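
An added example (not part of the original post) of the Python side of this scheme: the CGI script can only compare the submitted password_enc with a stored digest, so the digest itself acts as the password and a captured value is accepted again; the second half shows a variant that mixes in a one-time server nonce. The user name, password, function names and the HMAC-SHA256 nonce variant are assumptions, and the in-memory dict stands in for whatever storage a CGI script would use between requests.

```python
import hashlib
import hmac
import secrets

def client_digest(password):
    """What the posted dohash() puts in password_enc: hex MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()

# Constructed account store (hypothetical user and password); the server keeps
# the same digest the browser sends.
USERS = {"will": client_digest("s3cret-example")}

def check_static(user, password_enc):
    """Server-side check for the form as posted."""
    stored = USERS.get(user)
    return stored is not None and hmac.compare_digest(stored, password_enc)

def client_response(password_digest, nonce):
    """Assumed variant: the browser returns HMAC-SHA256(digest, nonce)."""
    return hmac.new(password_digest.encode(), nonce.encode(),
                    hashlib.sha256).hexdigest()

class ChallengeLogin:
    """Assumed variant: the server embeds a one-time nonce in the login form."""
    def __init__(self):
        self.pending = {}  # user -> outstanding nonce (assumed storage)

    def issue_nonce(self, user):
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # each nonce is good for one attempt
        stored = USERS.get(user)
        if nonce is None or stored is None:
            return False
        return hmac.compare_digest(client_response(stored, nonce), response)

if __name__ == "__main__":
    sent = client_digest("s3cret-example")
    print("static form, first submit:", check_static("will", sent))
    print("static form, same value resubmitted:", check_static("will", sent))
    login = ChallengeLogin()
    answer = client_response(sent, login.issue_nonce("will"))
    print("nonce form, first submit:", login.verify("will", answer))
    login.issue_nonce("will")
    print("nonce form, same value resubmitted:", login.verify("will", answer))
```

Both variants only address passive capture of the submitted field; someone able to alter the page in transit can change the script, which is what HTTPS prevents.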






