Strategy to Verify Python Program is POST'ing to a web server.
Eden Kirin
eden at bicikl.
Sat Jun 18 08:32:40 EDT 2011
On 18.06.2011 13:34, mzagursk at gmail.com wrote:
> Hello Folks,
>
> I am wondering what your strategies are for ensuring that data
> transmitted to a website via a python program is indeed from that
> program, and not from someone submitting POST data using some other
> means. I find it likely that there is no solution, in which case what
> is the best solution for sending data to a remote server from a python
> program and ensuring that it is from that program?
>
> For example, if I create a website that tracks some sort of
> statistical information and don't ensure that my program is the one
> that is uploading it, the statistics can be thrown off by people
> entering false POST data onto the data upload page. Any remedy?
Include some hash check in hidden field.
For example, from your python program you will include hidden fields
random_number and hash:
import random, hashlib
my_secret_key = "MySecretKey"
random_number = "%f" % random.random()
hash = hashlib.sha1("%s %s" % (my_secret_key, random_number)).hexdigest()
On the server side check hash with random_number and secret key to
ensure the data is POSTed from your application.
--
www.vikendi.com -/- www.svimi.net
More information about the Python-list
mailing list