On 17 Dec 2013, at 2:28 PM, P T <[email protected]> wrote: > Thank you Leonel and Jonathan, > > But, thees lines require that I run a https server. Can we configure Rocket > server for https or should I deploy something like Apache?
Rocket supports SSL if the ssl module is available on the system. You'll need a certificate. Depending on what you're doing with it, a self-signed certificate might be adequate. Otherwise you can get a free single-host certificate from someone like: http://www.startssl.com/?app=40 > > Thanks for the help, > PT > > > > On Tuesday, December 17, 2013 4:11:57 PM UTC-6, Leonel Câmara wrote: > Of course they are. Use HTTPS if you don't want that to happen. > > request.requires_https() > > and > > session.secure() > > Are your friends. > > Terça-feira, 17 de Dezembro de 2013 22:08:34 UTC, P T escreveu: > I deployed a small app on the intranet and noticed that the username and > password are transmitted in plain text (using a tool WireShark, > http://www.wireshark.org/). > > Here is my setup: > 2.8.2-stable+timestamp.2013.11.28.13.54.07 > (Running on Rocket 1.2.6, Python 2.7.6) > Database: Postgresql > > So, I checked the model and noticed that my auth did not include hmac_key. > So, I changed that to > > auth = Auth(db, hmac_key=Auth.get_or_create_key()) > > But, this did not help either. > > What should I do to make sure that user's passwords are transmitted as > encrypted? > > Thanks, > PT > > -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
