[Tutor] passwords

Danny Yoo dyoo@hkn.eecs.berkeley.edu
Mon, 11 Feb 2002 13:21:05 -0800 (PST)

On Mon, 11 Feb 2002, Remco Gerlich wrote:

> If your web server is cracked, the page with the form can be replaced
> by one which sends the form info to somewhere else, so the cracker
> receives the password info.
> Even if this is not possible, someone could change browser settings at
> a *user's* computer, so they get a page that looks like the change
> password page but actually sends the info to the cracker (for instance
> by configuring a proxy). This is usually very easy.
> Form contents may be cached on the user's computer.

A non-Python solution might involve remote access with SSH.  There's a
Java ssh applet called 'Mindterm' that you can embed in your web page ---
this may be a better approach, since the applet has more control over the
information going through the network.  Take a look at:


for details on Mindterm.

Hope this helps!