[mod_python] Form-based authentication using mod_puthon / Apache

Michael C. Neel neel at mediapulse.com
Tue Nov 25 10:50:58 EST 2003


> And I did not use GZIP because the MD5 hash has got a fixed length.
> 
Not MD5 Hash it, but sign it with MD5.  Basically build an MD5 hash from
a secret string and the data.  Here is the methods from albatross:

    def sign(self, text):
        m = md5.new()
        m.update(self.__secret)
        m.update(text)
        text = m.digest() + text
        return text

    def unsign(self, text):
        digest = text[:16]
        text = text[16:]
        m = md5.new()
        m.update(self.__secret)
        m.update(text)
        if m.digest() == digest:
            return text
        return ''

You can of course store the text server side and just pass the client
the MD5 hash/key, you just have to have a way to clear out old session
files and also make sure you have enough disk space for the amount of
sessions you expect.

Mike



More information about the Mod_python mailing list