Send password over TCP connection

Laszlo Zsolt Nagy gandalf at designaproduct.biz
Tue Oct 11 09:09:27 CEST 2005


>Ignoring all the other issues, any solution which actually requires the 
>password to be stored on the server is a bad solution.  Administrators 
>should not have access to user passwords, and in addition users should 
>not be put in the position of having to trust your server-side security 
>to keep their passwords (which they might have used on other systems) 
>from being grabbed by hackers.
>  
>
Users will always need to trust in the server. The authentication 
process ensures that the
client is really talking with the desired server and vice versa. But 
even if you know that you
are talking to the right server, you need to trust in the server. The 
administrator of the server
has access to all data. Possibly other persons and softwares too. 
Passwords are not different
from this point of view.

  Les




More information about the Python-list mailing list