[mod_python] Form-based authentication using mod_python / Apache

Gregory (Grisha) Trubetskoy grisha at modpython.org
Tue Nov 25 21:53:28 EST 2003


BTW, the Python standard library now includes an hmac module:

http://www.python.org/doc/current/lib/module-hmac.html

Which is functionally similar to using md5 directly, only in a
well-researched and standardized way.

Grisha

On Tue, 25 Nov 2003, Michael C. Neel wrote:

> > And I did not use GZIP because the MD5 hash has got a fixed length.
> >
> Not MD5 Hash it, but sign it with MD5.  Basically build an MD5 hash from
> a secret string and the data.  Here are the methods from albatross:
>
>     def sign(self, text):
>         m = md5.new()
>         m.update(self.__secret)
>         m.update(text)
>         text = m.digest() + text
>         return text
>
>     def unsign(self, text):
>         digest = text[:16]
>         text = text[16:]
>         m = md5.new()
>         m.update(self.__secret)
>         m.update(text)
>         if m.digest() == digest:
>             return text
>         return ''
>
> You can of course store the text server side and just pass the client
> the MD5 hash/key, you just have to have a way to clear out old session
> files and also make sure you have enough disk space for the amount of
> sessions you expect.
>
> Mike
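The sign/unsign pair from the quoted message, rebuilt on the standard library's hmac module, as an added example (not code from this thread or from albatross). The `Signer` class name, the use of SHA-256 instead of MD5, and the sample secret and payload are assumptions.

```python
import hashlib
import hmac

DIGEST = hashlib.sha256             # assumption: SHA-256; the quoted code uses MD5
DIGEST_SIZE = DIGEST().digest_size  # 32 bytes for SHA-256


class Signer:
    """Hypothetical class with the same sign()/unsign() shape as the quoted code."""

    def __init__(self, secret: bytes):
        if not secret:
            raise ValueError("secret must not be empty")
        self._secret = secret

    def _mac(self, data: bytes) -> bytes:
        # HMAC keys the hash in a standardized way instead of hashing secret + data.
        return hmac.new(self._secret, data, DIGEST).digest()

    def sign(self, data: bytes) -> bytes:
        # Same layout as the quoted code: digest first, then the data.
        return self._mac(data) + data

    def unsign(self, signed: bytes):
        # Return the data if the tag verifies, otherwise None.
        # None (rather than an empty string) keeps "verification failed"
        # distinct from "validly signed empty payload".
        if len(signed) < DIGEST_SIZE:
            return None
        tag, data = signed[:DIGEST_SIZE], signed[DIGEST_SIZE:]
        # compare_digest runs in time independent of where the bytes differ.
        if hmac.compare_digest(tag, self._mac(data)):
            return data
        return None


def demo():
    """Round-trip a constructed session payload and reject altered copies."""
    signer = Signer(b"constructed-sample-secret")
    token = signer.sign(b"user=alice;expires=1069815208")
    altered = token[:-1] + bytes([token[-1] ^ 0x01])  # flip one bit of the data
    return {
        "valid": signer.unsign(token),
        "altered": signer.unsign(altered),
        "truncated": signer.unsign(token[:10]),
        "other_key": Signer(b"different-secret").unsign(token),
    }
```
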