#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    36
    Rep Power
    12

    web forms encryption


    Hey can anyone explain to me how to encrypt the info sent in forms, such as a create username one and how to decrypt it.

    p.s. I did see the encrytion thread below this one
  2. #2
  3. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Hi,

    For this type of encryption you'd probably find the built-in rotor module interesting - which is allot like the crypt function in PHP (, *nix?) etc. there's also the crypt module but it's only available on *nix

    http://www.python.org/doc/current/lib/module-rotor.html
    http://www.python.org/doc/current/lib/module-crypt.html

    however since this was depreciated in Python 2.3.. your best bet is probably the python cryptography toolkit (pycrypto). I did a quick search on google for 'Python crypty()', this looks pretty interesting!

    http://www.sabren.net/code/python/crypt/

    As for encrpyting form data you need to get access to the data in the form (generally using cgi.FieldStorage()) and then encrypt that data, you can then do whatever you want to it i.e. store it in a db

    http://www.devshed.com/Server_Side/P...CGI/page1.html
    http://www.devshed.com/Server_Side/P...SQL/page1.html

    Could you explain what you mean by create username? that one has me at a loss

    Mark.
    programming language development: www.netytan.com Hula

  4. #3
  5. Wacky hack
    Devshed Novice (500 - 999 posts)

    Join Date
    Apr 2001
    Location
    London, England
    Posts
    513
    Rep Power
    14
    Also, if you want to have the data being sent between the user and the web site encrypted, you'll need to look into using SSL. That's to do with your web server, so contact your host about it.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    36
    Rep Power
    12
    oops sorry for confusing you. I need to create a create username name thingy for the message board im making, and this was probably a bad place to post this since it has to do with the html and encryption from the user to the server.
  8. #5
  9. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    So you want to randomly generate a username and password instread of letting the user pick there own? If so, it's not hard to do , especially with Python 2.3! All you have to do is call random.sample() on a string (possiably from a file), you dol need to check if the username exists first though.. can't really help with the server thing though obviously . How is your board coming anyway?

    Mark.
    programming language development: www.netytan.com Hula

  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    36
    Rep Power
    12
    no

    they need to enter there own but i need to encrypt its transfer from the page to the server
  12. #7
  13. Hello World :)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Mar 2003
    Location
    Hull, UK
    Posts
    2,537
    Rep Power
    69
    Telex is right, it sounds like you want SSL to me .. in any case i think this is more of a server thing than a Python question.

    I don't see how it's too much of a problem though Ark.. as far as i'm aware this forum just sends data from the browser to the webserver (no encryption). So not something i'd really worry about too much ayway!

    Mark.
    programming language development: www.netytan.com Hula

  14. #8
  15. Wacky hack
    Devshed Novice (500 - 999 posts)

    Join Date
    Apr 2001
    Location
    London, England
    Posts
    513
    Rep Power
    14
    As netyan says, SSL isn't necessary, though if you can make it work and you really want your data to be secure when being transmitted, it's probably a good thing to use. Look through the documentation for your web server, contact your host, and work out SSL.

    Otherwise, simply encrypting passwords with the MD5 algorithm is going to make the passwords very secure, and applying some simple obsfucation with regular expressions or using crypt will deter the less determined crackers.

IMN logo majestic logo threadwatch logo seochat tools logo