On 12/11/06, Kevin <[EMAIL PROTECTED]> wrote:
>
> I like the idea of storing an encoded-pickled version of the form data
> in a hidden field. I'm concerned about privacy implications with
> sharing that data with the client. What about encrypting the contents
> too? The server could have a private key that it encrypts the
> serialized form data and decrypts on submission.
>
> I'm mainly concerned with the scenario where credit cards are used as
> part of the form. I haven't found too many supported cryptography
> libraries for python though.

I can't see a good reason for passing CC info in its entirety back and forth at all, no matter how encrypted. That said, there might be good reasons why you may want to encrypt form data, but I would leave that up to the individual programmer. Perhaps I could provide hooks into the serialization methods to allow for that.

I'd envision:
> base64.encodestring( crypto.encrypt(key, pickle.dumps(self.data)))
>
> and
> pickle.loads( crypto.decrypt(key, base64.decodestring( form_data )))
> *(I made up the crypto library for demonstration)
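An added example, not part of the original message or of Django's code: one shape the serialization hooks discussed above could take, using only the Python standard library. It authenticates the pickled form data with HMAC-SHA256 and checks the tag before unpickling, so altered hidden-field contents are rejected; it does not encrypt, so the client can still read the data. The function names and `SECRET_KEY` are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import pickle

# Constructed key for this example; a real key is random and stays on the server.
SECRET_KEY = b"constructed-example-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def encode_form_state(data, key=SECRET_KEY):
    """Serialize form data for a hidden field, prefixed with an HMAC tag."""
    payload = pickle.dumps(data, protocol=2)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + payload).decode("ascii")


def decode_form_state(field_value, key=SECRET_KEY):
    """Return the original data, or raise ValueError if the field was altered.

    The tag is verified before pickle.loads runs, so bytes that were not
    produced with the server's key are never unpickled.
    """
    # binascii.Error and UnicodeEncodeError are both ValueError subclasses.
    raw = base64.urlsafe_b64decode(field_value.encode("ascii"))
    if len(raw) <= TAG_LEN:
        raise ValueError("hidden field is too short")
    tag, payload = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("hidden field failed integrity check")
    return pickle.loads(payload)


def flip_one_bit(field_value):
    """Simulate a client editing the hidden field (used by the demo below)."""
    raw = bytearray(base64.urlsafe_b64decode(field_value.encode("ascii")))
    raw[-2] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode("ascii")


def is_rejected(field_value, key=SECRET_KEY):
    try:
        decode_form_state(field_value, key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    state = {"step": 1, "name": "Alice"}  # constructed sample form data
    token = encode_form_state(state)
    print(decode_form_state(token) == state, is_rejected(flip_one_bit(token)))
```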
