Strategy to Verify Python Program is POST'ing to a web server.

Eden Kirin eden at bicikl.
Sat Jun 18 08:32:40 EDT 2011

• Previous message (by thread): Strategy to Verify Python Program is POST'ing to a web server.
• Next message (by thread): Strategy to Verify Python Program is POST'ing to a web server.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

On 18.06.2011 13:34, mzagursk at gmail.com wrote:
> Hello Folks,
>> I am wondering what your strategies are for ensuring that data
> transmitted to a website via a python program is indeed from that
> program, and not from someone submitting POST data using some other
> means. I find it likely that there is no solution, in which case what
> is the best solution for sending data to a remote server from a python
> program and ensuring that it is from that program?
>> For example, if I create a website that tracks some sort of
> statistical information and don't ensure that my program is the one
> that is uploading it, the statistics can be thrown off by people
> entering false POST data onto the data upload page. Any remedy?

Include some hash check in hidden field.
For example, from your python program you will include hidden fields 
random_number and hash:
import random, hashlib
my_secret_key = "MySecretKey"
random_number = "%f" % random.random()
hash = hashlib.sha1("%s %s" % (my_secret_key, random_number)).hexdigest()
On the server side check hash with random_number and secret key to 
ensure the data is POSTed from your application.
-- 
www.vikendi.com -/- www.svimi.net

---

• Previous message (by thread): Strategy to Verify Python Program is POST'ing to a web server.
• Next message (by thread): Strategy to Verify Python Program is POST'ing to a web server.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-list mailing list