[Tutor] passwords

[Danny Yoo]

On Mon, 11 Feb 2002, Remco Gerlich wrote:

> If your web server is cracked, the page with the form can be replaced
> by one which sends the form info to somewhere else, so the cracker
> receives the password info.
> 
> Even if this is not possible, someone could change browser settings at
> a *user's* computer, so they get a page that looks like the change
> password page but actually sends the info to the cracker (for instance
> by configuring a proxy). This is usually very easy.
> 
> Form contents may be cached on the user's computer.


A non-Python solution might involve remote access with SSH.  There's a
Java ssh applet called 'Mindterm' that you can embed in your web page ---
this may be a better approach, since the applet has more control over the
information going through the network.  Take a look at:

    http://www.appgate.org/mindterm/

for details on Mindterm.

Hope this helps!