CGI question: safe passwords possible?
Peter Hansen
peter at engcorp.com
Mon Jun 2 10:17:45 EDT 2003
More information about the Python-list mailing list
Mon Jun 2 10:17:45 EDT 2003
- Previous message (by thread): CGI question: safe passwords possible?
- Next message (by thread): twisted UDP port and REUSEADDR
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Paul Rubin wrote: > > Peter Hansen <peter at engcorp.com> writes: > > Ah, a nice solution, I would say. If the password is actually compromised, > > requiring the user to contact the adminstrator to "reset" their password, > > or asking the server to generate a new password which is sent via email, > > would be reasonably acceptable approaches. > > If the opponent is intercepting web traffic they're probably also > intercepting email. It's sort of possible to implement low-exponent > RSA encryption in Javascript if you're crazy enough. The user could > choose a new password and send it to the server that way. > > It's all silly though, SSL is definitely the way to do this. Any > application with serious enough security requirements to worry about > passwords getting intercepted from IP traffic needs to choose good > hosting providers, and those usually offer SSL. I'd definitely agree with that!
- Previous message (by thread): CGI question: safe passwords possible?
- Next message (by thread): twisted UDP port and REUSEADDR
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list