[mod_python] Authentication and security in general

Dan Eloff dan.eloff at gmail.com
Wed Apr 26 11:37:44 EDT 2006


> Digest auth protects your password very well (it's not sent over the network at all). It does not
> protect the contents or URL or any other part of the request like SSL does. It is very hard to
> calculate a password based on its MD5 hash alone.

Yes, it protects the password perfectly. But that just stops a person
from using your username and password to log in with. It's remarkably
easy to just send the username and digest and gain access to all the
same things. Most people who would have the skills to glean your
username/password from the communications would know how to do this.
So it only offers the illusion of security.

-Dan
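
Added example, not part of the original message or of mod_python's own code: a minimal server-side check of an RFC 2617 Digest response (qop=auth), showing the state a server has to keep for a resent username/digest pair to be rejected. The class name DigestVerifier, the realm, the credentials and the cnonce are constructed for illustration; demo() returns the outcome of a legitimate request, the same header sent again, and the same digest presented for a different method and URI.

```python
import hashlib
import hmac
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:  # hypothetical name, for illustration only
    def __init__(self, realm, users):
        self.realm = realm
        self.users = users   # username -> password (constructed sample data)
        self.nonces = {}     # server-issued nonce -> highest nonce-count accepted

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return nonce

    def verify(self, method, uri, hdr):
        last_nc = self.nonces.get(hdr["nonce"])
        if last_nc is None:
            return "stale-nonce"        # nonce never issued here, or already expired
        nc = int(hdr["nc"], 16)
        if nc <= last_nc:
            return "replayed"           # this nonce-count was already accepted
        password = self.users.get(hdr["username"])
        if password is None:
            return "bad-credentials"
        expected = digest_response(hdr["username"], self.realm, password,
                                   method, uri, hdr["nonce"], hdr["nc"], hdr["cnonce"])
        if not hmac.compare_digest(expected, hdr["response"]):
            return "bad-credentials"    # wrong password, or digest made for another method/URI
        self.nonces[hdr["nonce"]] = nc
        return "ok"

def demo():
    server = DigestVerifier("example", {"alice": "s3cret"})
    nonce, nc, cnonce = server.challenge(), "00000001", "0a4f113b"
    resp = digest_response("alice", "example", "s3cret", "GET", "/private", nonce, nc, cnonce)
    hdr = {"username": "alice", "nonce": nonce, "nc": nc, "cnonce": cnonce, "response": resp}
    first = server.verify("GET", "/private", hdr)    # legitimate request
    resent = server.verify("GET", "/private", hdr)   # identical header sent again
    moved = server.verify("POST", "/admin", dict(hdr, nc="00000002"))  # digest reused elsewhere
    return first, resent, moved
```

A server that skips the nonce and nonce-count bookkeeping in verify() would return "ok" for the resent header as well, which is the case the message above describes.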


