session management
Tim Churches
tchur at optushome.com.au
Sun Aug 8 00:16:26 EDT 2004
On Sun, 2004-08-08 at 14:02, Ajay Brar wrote:
> And how secure would such a mechanism be? The user enters their username
> and password and I compare the hash of both the username and password
> with values stored in an encrypted file. If the comparison is successful
> I create the session. Is this a reasonably secure scheme? Does anyone
> see any problems with this?
OWASP is a good place to start reading: http://www.owasp.org
We also found this paper very useful:
http://pdos.lcs.mit.edu/cookies/pubs/webauth.html
--
Tim C
PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
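
The login check and session creation described in the question, as an added example that is not code from either poster. The salted PBKDF2 hash, the constant-time comparison, the random server-side session id, and every name and constant below are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000   # assumed work factor; tune for your hardware
SESSION_TTL = 1800     # assumed session lifetime in seconds

def derive(password, salt):
    """Slow, salted hash so a stolen credential file resists offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_record(password):
    salt = secrets.token_bytes(16)             # unique salt per user
    return {"salt": salt, "hash": derive(password, salt)}

# Constructed sample store; stands in for the credential file in the question.
USERS = {"alice": make_record("correct horse battery staple")}
_DUMMY = make_record(secrets.token_hex(16))    # compared against for unknown users
SESSIONS = {}                                  # session id -> (username, expiry)

def login(username, password, now=None):
    """Return a new session id on success, None on any failure."""
    now = time.time() if now is None else now
    record = USERS.get(username, _DUMMY)       # same work whether or not user exists
    candidate = derive(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    if not (matches and username in USERS):
        return None
    sid = secrets.token_urlsafe(32)            # unguessable, carries no user data
    SESSIONS[sid] = (username, now + SESSION_TTL)
    return sid

def session_user(sid, now=None):
    """Return the username for a live session, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(sid)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del SESSIONS[sid]                      # expired ids are discarded
        return None
    return username
```
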