CGI question: safe passwords possible?
Will Stuyvesant
hwlgw at hotmail.com
Sat May 31 03:35:34 EDT 2003
> [Gerhard Häring]
> The proper solution IMO is to let the webserver authenticate the user.
> With HTTP Digest authentication this is probably the safest you can get
> without going SSL.
>
> Even in a hosted environment you should be able to upload a simple
> .htaccess file that does this for you.
Now I have a couple of questions... I did also google for some of the
answers but it is very hard to find something clear. So if you or
somebody else would care to give a short explanation if you have time?
- Authenticate? HTTP Digest?
To authenticate means something like identify? So the server knows it
is *the* user and not somebody else? I have only a vague notion of
this.
Indeed I am on a hosted environment, so SSL is no option, as far as I
understand...
I did see "Authentication:" headers in the HTTP, could that be done
from CGI?
- .htaccess?
I guess to "upload a simple .htaccess" is possible, just like putting
.html files in ~/public_html or .py (CGI) files in ~/cgi-bin? But
what do I put in that .htaccess file?
--
He: "If I made love to you, would you yell?"
She: "What do you want me to yell?"
-- Benny Hill
More information about the Python-list
mailing list