did you tried django as web framework ??? El lun, 07-07-2008 a las 21:15 -0400, James escribió: > Hi All, > > I'm writing a web application in CherryPy. What a beautiful thing it > is to write Python code and get a simple yet powerful web output. :) > > The web application needs to have some decent level of security and > authentication implemented. > > The big issue here is that the user password is stored in a database > and algorithmically calculated as follows: > md5( md5( $password ) + salt ) ) > > The salt is also stored in the database (which I have full access to). > I can easily use the md5 library to compare what a user gives me and > see if that's the correct password (based on the salt and the stored > password in the database). I'm unsure, however, how to go about > implementing security into my web application. > > CherryPy obviously has a 'session' library in it. But in the periods > of time I've researched writing web applications in the past > (primarily when dealing with PHP), there was always great debate in > how to write a "good" secure web application. (i.e., it becomes tricky > when determining what precisely you should be passing around in terms > of session variables). > > Thoughts? Am I going about this the wrong way? It would be much easier > to use either digest or basic http authentication mechanisms, but I > don't think that this is possible because of the fact that the > password is double-hashed in the database (or am I wrong?). > > Any help appreciated. :o) > > -j --
________________________________________________________
Ing. Anielkis Herrera González
Desarrollador de Nova
Linux User #377809
Universidad de las Ciencias Informáticas
Cuba
________________________________________________________
smime.p7s
Description: S/MIME cryptographic signature
