Re: [web2py] Password Transmitted in plain text
On 17 Dec 2013, at 2:08 PM, P T wrote: > I deployed a small app on the intranet and noticed that the username and > password are transmitted in plain text (using a tool WireShark, > http://www.wireshark.org/). > > Here is my setup: > 2.8.2-stable+timestamp.2013.11.28.13.54.07 > (Running on Rocket 1.2.6, Python 2.7.6) > Database: Postgresql > > So, I checked the model and noticed that my auth did not include hmac_key. > So, I changed that to > > auth = Auth(db, hmac_key=Auth.get_or_create_key()) > > But, this did not help either. > > What should I do to make sure that user's passwords are transmitted as > encrypted? Use SSL. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[web2py] Password Transmitted in plain text
I deployed a small app on the intranet and noticed that the username and password are transmitted in plain text (using a tool WireShark, http://www.wireshark.org/). Here is my setup: 2.8.2-stable+timestamp.2013.11.28.13.54.07 (Running on Rocket 1.2.6, Python 2.7.6) Database: Postgresql So, I checked the model and noticed that my auth did not include hmac_key. So, I changed that to auth = Auth(db, hmac_key=Auth.get_or_create_key()) But, this did not help either. What should I do to make sure that user's passwords are transmitted as encrypted? Thanks, PT -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.