2011/5/18 luckysmack <luckysm...@gmail.com>: > I recently listened to a podcast from a HOPE conference last year, and > the podcast talked about post data obfuscation. Where when the post > data is submitted it is obfuscated by javascript and a false copy is > passed through POST and a real copy is sent to the server. it also > send a special key that is encrypted and the server only knows the > real key. So if the hacker find out the POST data is obfuscated and > tries to do the same, the server will know whether its the real copy > or not. > > I was curious if web2py (or really python in general, that i could > plug into web2py) had any kind of feature like this. I figured it > might not, So my second part of the question is if anyone knows of a > way to do this in python that I can use with web2py. In the end if I > can get this to work I would be willing to submit my code for others > to use so we can all benefit. > > So for eaither method, i was looking if anyone had something to help > me get started. > > Heres the podcast (mp3) in questioned I listened to: > > http://c2047862.cdn.cloudfiles.rackspacecloud.com/tnhb05.mp3 > > which is from this site (they have some other great talks about web as > well. though most are generally security and hackerish related) > > http://thenexthope.org/talks-list/
Running the application over https you get the same benefit when using Post (supposing the hacker access to the posted data using a network sniffer)