[Tutor] Re: A little more security
Charlie Clark
charlie@begeistert.org
Sat Jan 11 18:44:01 2003
>
> At 12:59 PM +0630 on 2003-01-08, John Abbe typed:
> >Aksed before, but no answer, so:
> >
> >I'm working on a Python CGI using passwords, which for now i've
> >implemented in a field that gets sent with the GET method. This is
> >obviously insecure. I'm guessing that https might be the simplest way to
> >add security, but am very open to any suggestions.
> >
> >If it is to be https, i'd love to hear about any simpler ways to use it
> >than the stuff pointed at by this news thread:
Hi John,
the thread you point to deals with implementing an https server in Python
but you shouldn't need to do that if you are writing a cgi program because
cgi is on "the other side" of the web server. https occurs between browser
and webserver, the web server should pass on the values unencrypted to the
cgi-program. If you want to operate without https you might want to use a
javascript.encode call in the browser to encrypt the data.
Charlie