passwords to CGI

Andrew Clover and-google at doxdesk.com
Wed Jan 15 10:52:36 EST 2003


Will Stuyvesant <hwlgw at hotmail.com> wrote:

> Is there a way to encrypt a password before it is sent?

  A. Use SSL.
  B. Use HTTP Digest Authentication.
  C. Use client-side scripting to hash the password.

(A) is good, but implies the hassle of getting certificates, and
an HTTPS server if you are not already using one.

(B) is great, but is not well-supported by user agents. (read:
no-go on Internet Explorer)

(C) is effective but requires the user to have JavaScript enabled.

I usually end up (on non-SSL sites) using a hybrid authentication
scheme where a script on the page generates an MD5 hash of the
password entered and puts it in a cookie. If the authentication-
required page(s) don't see a valid login cookie they fall back to
using HTTP Basic Authentication.

Can send you client JavaScript and server Python code that implements
this if it might help.

-- 
Andrew Clover
mailto:and at doxdesk.com
http://www.doxdesk.com/
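
The server side of the hybrid scheme described in this message, as an added example that is not Andrew Clover's code: accept a login cookie carrying an MD5 hash of the password, otherwise fall back to HTTP Basic. The cookie name, its `user:md5hex` layout, the realm and the account store are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

# Constructed sample account store (assumption): user -> MD5 hex of password.
USERS = {"alice": hashlib.md5(b"correct horse").hexdigest()}
COOKIE_NAME = "login"  # hypothetical cookie name, value "user:md5hex"
REALM = "example"      # hypothetical realm


def _check(user, md5_hex):
    """Constant-time comparison against the stored hash for `user`."""
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), md5_hex.lower().encode())


def _from_cookie(header):
    """Return the user named by a valid login cookie, else None."""
    cookie = SimpleCookie()
    try:
        cookie.load(header or "")
    except CookieError:
        return None
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None or ":" not in morsel.value:
        return None
    user, md5_hex = morsel.value.split(":", 1)
    # Caveat: over plain HTTP this hash is itself a replayable credential;
    # hashing keeps the password text off the wire, not the login.
    return user if _check(user, md5_hex) else None


def _from_basic(header):
    """Return the user named by valid Basic credentials, else None."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, _, password = raw.partition(":")
    return user if _check(user, hashlib.md5(password.encode()).hexdigest()) else None


def authenticate(headers):
    """Return (status, user, extra_headers) for a request's header dict."""
    user = _from_cookie(headers.get("Cookie")) or _from_basic(headers.get("Authorization"))
    if user:
        return 200, user, {}
    return 401, None, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}
```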



