CGI question: safe passwords possible?

Gerhard Häring gh at ghaering.de
Fri May 30 20:56:30 EDT 2003


In article <7xel2gghbp.fsf at ruckus.brouhaha.com>, Paul Rubin wrote:
> hwlgw at hotmail.com (Will Stuyvesant) writes:
>> I do CGI programming with Python and I know how to make HTML forms
>> with "user" and "password" fields.  But these get sent "in the clear"
>> over internet, somebody told me.  I have no power over the webserver
>> (it's in the hands of my service provider and they generally do not
>> want to install/change/configure things).  Is there any way to do
>> Name+Password safely using just CGI and Python, so only users with a
>> valid Name+Password can get access to the next CGI scripts?
> 
> The right way to do that is with SSL, which lots of web providers offer.
> 
> If you can't use SSL, there are ways you can do it with client side
> Javascript (or even Java applets) assisting your CGI, but that would
> make your pages JS-dependent and probably is not worth the trouble.

How does this help against MITM attacks? What's wrong with using the
tool designed for this job (HTTP authentication)?

-- Gerhard



