Q: secure parameter passing to python CGI script on web server 
Author Message
 Q: secure parameter passing to python CGI script on web server

Hi,

I don't like to show the parameters to web server on the url.  How to pass
the parameters to python CGI scripts secure and invisible on the url ?
Another question not related to python...
I am operating a web site with CGI scripts.  Can I make the urls is not
changed under my site ?
For instance, I want to show always http://www.*-*-*.com/
matter what page user is located under the site.  Does anyone know how to do
that ?

Thank you.



Mon, 19 May 2003 03:00:00 GMT  
 Q: secure parameter passing to python CGI script on web server

Quote:
> Hi,

> I don't like to show the parameters to web server on the url.  How to pass
> the parameters to python CGI scripts secure and invisible on the url ?

There is no real security, but by using POST rather than GET
you make the parameters less obviously visible to "laypeople".

Quote:
> Another question not related to python...
> I am operating a web site with CGI scripts.  Can I make the urls is not
> changed under my site ?
> For instance, I want to show always http://www.aaa.edu/cgi-bin on url no
> matter what page user is located under the site.  Does anyone know how to
do
> that ?

Direct all of your POST requests to that URL and have it
forward the call to the 'true script' depending on some
extra parameter (which can be invisible).

[Does it mean "we've made it!", just like Perl, when we
get non-Python-related CGI questions?-)]

Alex



Mon, 19 May 2003 03:00:00 GMT  
 Q: secure parameter passing to python CGI script on web server

| Hi,
| I don't like to show the parameters to web server on the url.  How to pass
| the parameters to python CGI scripts secure and invisible on the url ?

for making the parameters secure from interception by third parties,
use ssl/tls (ie https urls).

for making the parameters invisible on the url, use the POST method.

  -- erno



Tue, 20 May 2003 15:38:30 GMT  
 Q: secure parameter passing to python CGI script on web server

Quote:


> | Hi,
> | I don't like to show the parameters to web server on the url.  How to
pass
> | the parameters to python CGI scripts secure and invisible on the url ?

> for making the parameters secure from interception by third parties,
> use ssl/tls (ie https urls).

This will give security against third-party interception, but will
unfortunately not inhibit the browser from showing the URL, including any
arguments, in its location entry box.  Also note that you need a server
certificate for SSL.

Quote:
> for making the parameters invisible on the url, use the POST method.

Note, however, that to do this everywhere you will have to add an OnClick
attribute to your links, and include client-side scripting to submit the
appropriate form.  This will make your pages rather more complex than when
using ordinary links, but will meet the stated requirements.  Be aware,
however, that savvy users can still see the form sources (and therefore the
input values) by reading the page's source.

Quote:
>   -- erno

regards
 Steve


Tue, 20 May 2003 03:00:00 GMT  
 Q: secure parameter passing to python CGI script on web server

| This will give security against third-party interception, but will
| unfortunately not inhibit the browser from showing the URL,
| including any arguments, in its location entry box.

well, it is not really that unfortunate because... see below.

| Also note that you need a server | certificate for SSL.

yeah, but you can make one yourself if you want to use an
alternate trust model than the x509/commercial ca's one.

| Be aware, however, that savvy users can still see the form sources
| (and therefore the input values) by reading the page's source.

savvy users can of course read anything you send them over the
network. if you want to keep some information to yourself, do not send
it over the network to the client. you cannot restrict access to data
your are sending to an untrusted clients. for a variation of the
theme, see the dvd/css case.

however, you can sometimes get by with encrypting the information you
are sending to the client with a key that is only known by you, if you
only require the client to send a certain piece of information back
and not interpret it.

   -- erno



Tue, 20 May 2003 03:00:00 GMT  
 
 [ 7 post ] 

 Relevant Pages 

1. CGI scripts in Python on MicroSofts Personal web server

2. CGI scripts in Python on MicroSofts Personal web server

3. Enter parameters into Fortran executable from python cgi script

4. Commercial Web Hosting w/ Python CGI Scripts?

5. Web server executing Python scripts

6. Web server executing Python scripts

7. passing CGI parameters to ruby MySQL interface

8. parameter passing from apple script to RB

9. Help passing command line parameters to awk scripts

10. THANKS: Help passing command line parameters to awk script

11. ROUTE and parameter passing to Script nodes

12. Communication between a Python process and a Python cgi script

 

 
Powered by phpBB® Forum Software