CGI question: safe passwords possible?
Mon Jun 2 16:02:06 CEST 2003
Peter Hansen <peter at engcorp.com> writes:
> Ah, a nice solution, I would say. If the password is actually compromised,
> requiring the user to contact the administrator to "reset" their password,
> or asking the server to generate a new password which is sent via email,
> would be reasonably acceptable approaches.
If the opponent is intercepting web traffic they're probably also
intercepting email. It's sort of possible to implement low-exponent
choose a new password and send it to the server that way.
It's all silly though, SSL is definitely the way to do this. Any
application with serious enough security requirements to worry about
passwords getting intercepted from IP traffic needs to choose good
hosting providers, and those usually offer SSL.