On 18.06.2011 13:34, mzagu...@gmail.com wrote:
Hello Folks,
I am wondering what your strategies are for ensuring that data
transmitted to a website via a python program is indeed from that
program, and not from someone submitting POST data using some other
means. I find it likely that there is no solution, in which case what
is the best solution for sending data to a remote server from a python
program and ensuring that it is from that program?
For example, if I create a website that tracks some sort of
statistical information and don't ensure that my program is the one
that is uploading it, the statistics can be thrown off by people
entering false POST data onto the data upload page. Any remedy?
Include some hash check in hidden field.
For example, from your python program you will include hidden fields
random_number and hash:
import random, hashlib
my_secret_key = "MySecretKey"
random_number = "%f" % random.random()
hash = hashlib.sha1("%s %s" % (my_secret_key, random_number)).hexdigest()
On the server side check hash with random_number and secret key to
ensure the data is POSTed from your application.
--
www.vikendi.com -/- www.svimi.net
--
http://mail.python.org/mailman/listinfo/python-list
