session management

Tim Churches tchur at optushome.com.au
Sun Aug 8 06:16:26 CEST 2004


On Sun, 2004-08-08 at 14:02, Ajay Brar wrote:

> and how secure would such a mechanism be? the user enters their username 
> and password and i compare the hash of both the username and password 
> with values stored in an encrypted file. if the comparison is successful 
> i create the session. is this a reasonably secure scheme? does anyone 
> see any problems with this

OWASP is a good place to start reading: http://www.owasp.org

We also found this paper very useful:
http://pdos.lcs.mit.edu/cookies/pubs/webauth.html

-- 

Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at http://members.optushome.com.au/tchur/pubkey.asc
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B  EB37 7891 46A9 EAF9 93D0






More information about the Python-list mailing list