public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] [ot] python + http authentication (with cherrypy)
@ 2008-07-08  1:15 James
From: James @ 2008-07-08  1:15 UTC
  To: gentoo-user

Hi All,

I'm writing a web application in CherryPy. What a beautiful thing it
is to write Python code and get a simple yet powerful web output. :)

The web application needs to have some decent level of security and
authentication implemented.

The big issue here is that the user password is stored in a database
and algorithmically calculated as follows:
md5( md5( $password ) + salt )

The salt is also stored in the database (which I have full access to).
I can easily use the md5 library to compare what a user gives me and
see if that's the correct password (based on the salt and the stored
password in the database). I'm unsure, however, how to go about
implementing security into my web application.

CherryPy obviously has a 'session' library in it. But in the periods
of time I've researched writing web applications in the past
(primarily when dealing with PHP), there was always great debate in
how to write a "good" secure web application. (i.e., it becomes tricky
when determining what precisely you should be passing around in terms
of session variables).

Thoughts? Am I going about this the wrong way? It would be much easier
to use either digest or basic http authentication mechanisms, but I
don't think that this is possible because of the fact that the
password is double-hashed in the database (or am I wrong?).

Any help appreciated. :o)

-j
-- 
gentoo-user@lists.gentoo.org mailing list




* Re: [gentoo-user] [ot] python + http authentication (with cherrypy)
@ 2008-07-08  2:37 ` Anielkis Herrera Gonzalez
From: Anielkis Herrera Gonzalez @ 2008-07-08  2:37 UTC
  To: gentoo-user


Did you try Django as a web framework?

On Mon, 07-07-2008 at 21:15 -0400, James wrote:
> Hi All,
> 
> I'm writing a web application in CherryPy. What a beautiful thing it
> is to write Python code and get a simple yet powerful web output. :)
> 
> The web application needs to have some decent level of security and
> authentication implemented.
> 
> The big issue here is that the user password is stored in a database
> and algorithmically calculated as follows:
> md5( md5( $password ) + salt )
> 
> The salt is also stored in the database (which I have full access to).
> I can easily use the md5 library to compare what a user gives me and
> see if that's the correct password (based on the salt and the stored
> password in the database). I'm unsure, however, how to go about
> implementing security into my web application.
> 
> CherryPy obviously has a 'session' library in it. But in the periods
> of time I've researched writing web applications in the past
> (primarily when dealing with PHP), there was always great debate in
> how to write a "good" secure web application. (i.e., it becomes tricky
> when determining what precisely you should be passing around in terms
> of session variables).
> 
> Thoughts? Am I going about this the wrong way? It would be much easier
> to use either digest or basic http authentication mechanisms, but I
> don't think that this is possible because of the fact that the
> password is double-hashed in the database (or am I wrong?).
> 
> Any help appreciated. :o)
> 
> -j
-- 

________________________________________________________
           Eng. Anielkis Herrera González
                 Nova Developer
                 Linux User #377809

        Universidad de las Ciencias Informáticas
                        Cuba
________________________________________________________


