Did you try Django as a web framework?
On Mon, 07-07-2008 at 21:15 -0400, James wrote:
> Hi All,
> I'm writing a web application in CherryPy. What a beautiful thing it
> is to write Python code and get a simple yet powerful web output.
> The web application needs to have some decent level of security and
> authentication implemented.
> The big issue here is that the user password is stored in a database
> and algorithmically calculated as follows:
> md5( md5( $password ) + salt )
> The salt is also stored in the database (which I have full access to).
> I can easily use the md5 library to compare what a user gives me and
> see if that's the correct password (based on the salt and the stored
> password in the database). I'm unsure, however, how to go about
> implementing security into my web application.
> CherryPy obviously has a 'session' library in it. But in the periods
> of time I've researched writing web applications in the past
> (primarily when dealing with PHP), there was always great debate in
> how to write a "good" secure web application. (i.e., it becomes tricky
> when determining what precisely you should be passing around in terms
> of session variables).
> Thoughts? Am I going about this the wrong way? It would be much easier
> to use either digest or basic http authentication mechanisms, but I
> don't think that this is possible because of the fact that the
> password is double-hashed in the database (or am I wrong?).
> Any help appreciated.
Ing. Anielkis Herrera González
Nova Developer
Linux User #377809
Universidad de las Ciencias Informáticas
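
The check James describes, written out as an added example (not code from the thread or from CherryPy). It assumes PHP-style hex digests concatenated as text, and the `lookup` callback and sample record are hypothetical. HTTP Basic can be validated against this store because the server receives the plaintext password (so it assumes HTTPS); HTTP Digest cannot, because the server would need the password itself or MD5(user:realm:password), and neither can be derived from the stored value.

```python
import base64
import hashlib
import hmac
from typing import Callable, Optional, Tuple


def legacy_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt), assuming hex digests joined as text."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def verify_password(password: str, salt: str, stored_hex: str) -> bool:
    """Recompute the legacy hash and compare it in constant time."""
    return hmac.compare_digest(legacy_hash(password, salt), stored_hex.lower())


def check_basic_auth(
    header_value: str,
    lookup: Callable[[str], Optional[Tuple[str, str]]],
) -> Optional[str]:
    """Validate an 'Authorization: Basic ...' value against the legacy store.

    lookup(username) returns (salt, stored_hex) or None (hypothetical callback).
    Returns the username on success, None on any failure.
    """
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    record = lookup(username)
    if record is None:
        # Do the same hashing work for unknown users to limit enumeration.
        verify_password(password, "", "0" * 32)
        return None
    salt, stored_hex = record
    return username if verify_password(password, salt, stored_hex) else None


# Constructed sample record, not data from the thread.
SAMPLE_DB = {"alice": ("x9Q", legacy_hash("correct horse", "x9Q"))}
```

After a successful check, the session only needs to carry the authenticated username or user id; the password, salt, and hash stay server-side in the database.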