[Tutor] Re: A little more security

[Charlie Clark]

> 
> At 12:59 PM +0630 on 2003-01-08, John Abbe typed:
> >Aksed before, but no answer, so:
> >
> >I'm working on a Python CGI using passwords, which for now i've 
> >implemented in a field that gets sent with the GET method. This is 
> >obviously insecure. I'm guessing that https might be the simplest way to 
> >add security, but am very open to any suggestions.
> >
> >If it is to be https, i'd love to hear about any simpler ways to use it 
> >than the stuff pointed at by this news thread:

Hi John,

the thread you point to deals with implementing an https server in Python 
but you shouldn't need to do that if you are writing a cgi program because 
cgi is on "the other side" of the web server. https occurs between browser 
and webserver, the web server should pass on the values unencrypted to the 
cgi-program. If you want to operate without https you might want to use a 
javascript.encode call in the browser to encrypt the data.

Charlie