session management

Tim Churches tchur at
Sun Aug 8 06:16:26 CEST 2004

On Sun, 2004-08-08 at 14:02, Ajay Brar wrote:

> And how secure would such a mechanism be? The user enters their username
> and password and I compare the hash of both the username and password
> with values stored in an encrypted file. If the comparison is successful
> I create the session. Is this a reasonably secure scheme? Does anyone
> see any problems with this?

OWASP is a good place to start reading:

We also found this paper very useful:


Tim C

PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere
or at
Key fingerprint = 8C22 BF76 33BA B3B5 1D5B  EB37 7891 46A9 EAF9 93D0
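
An added example, not part of the original thread: one way to write the login check and session creation the question describes. It swaps the plain hash comparison for a per-user salted PBKDF2 key compared in constant time, and issues a random session id with an expiry. All names, the in-memory dicts (standing in for the stored file) and the iteration count and timeout are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000          # assumed work factor; tune for your hardware
SESSION_TTL = 15 * 60         # assumed session lifetime, in seconds

_users = {}      # username -> (salt, derived_key); stands in for the stored file
_sessions = {}   # session id -> (username, expiry timestamp)
_DUMMY_SALT = secrets.token_bytes(16)


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username, password):
    salt = secrets.token_bytes(16)          # per-user salt
    _users[username] = (salt, _derive(password, salt))


def login(username, password):
    """Return a new session id on success, None on failure."""
    salt, stored = _users.get(username, (_DUMMY_SALT, b""))
    candidate = _derive(password, salt)     # same work for unknown users
    if not hmac.compare_digest(candidate, stored):
        return None
    sid = secrets.token_urlsafe(32)         # unguessable, unrelated to credentials
    _sessions[sid] = (username, time.time() + SESSION_TTL)
    return sid


def current_user(sid, now=None):
    """Return the username for a live session, or None if unknown or expired."""
    now = time.time() if now is None else now
    entry = _sessions.get(sid)
    if entry is None:
        return None
    username, expiry = entry
    if now >= expiry:
        del _sessions[sid]                  # expired sessions are dropped
        return None
    return username


def logout(sid):
    _sessions.pop(sid, None)
```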
