Send password over TCP connection
Peter Hansen
peter at engcorp.com
Mon Oct 10 22:18:42 EDT 2005
dcrespo wrote:
> Two copies of the password: one on the client, the other on the server.
[snip]
> I think it is a very good solution, Isn't it?
Ignoring all the other issues, any solution which actually requires the
password to be stored on the server is a bad solution. Administrators
should not have access to user passwords, and in addition users should
not be put in the position of having to trust your server-side security
to keep their passwords (which they might have used on other systems)
from being grabbed by hackers.
-Peter
More information about the Python-list
mailing list