Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #7902

Re: Strategy to Verify Python Program is POST'ing to a web server.

From Eden Kirin <eden@bicikl.>
Newsgroups comp.lang.python
Subject Re: Strategy to Verify Python Program is POST'ing to a web server.
Date 2011-06-18 14:32 +0200
Organization Amis Telekom, Hrvatska
Message-ID <iti5t8$ffl$1@nntp.amis.hr> (permalink)
References <d8c7dc52-0c54-4b29-a7b6-bcd833686611@q12g2000prb.googlegroups.com>

Show all headers | View raw

On 18.06.2011 13:34, mzagursk@gmail.com wrote:
> Hello Folks,
>
> I am wondering what your strategies are for ensuring that data
> transmitted to a website via a python program is indeed from that
> program, and not from someone submitting POST data using some other
> means.  I find it likely that there is no solution, in which case what
> is the best solution for sending data to a remote server from a python
> program and ensuring that it is from that program?
>
> For example, if I create a website that tracks some sort of
> statistical information and don't ensure that my program is the one
> that is uploading it, the statistics can be thrown off by people
> entering false POST data onto the data upload page.  Any remedy?

Include some hash check in hidden field.

For example, from your python program you will include hidden fields 
random_number and hash:

import random, hashlib
my_secret_key = "MySecretKey"
random_number = "%f" % random.random()
hash = hashlib.sha1("%s %s" % (my_secret_key, random_number)).hexdigest()

On the server side check hash with random_number and secret key to 
ensure the data is POSTed from your application.

-- 
www.vikendi.com -/- www.svimi.net

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Strategy to Verify Python Program is POST'ing to a web server. "mzagursk@gmail.com" <mzagursk@gmail.com> - 2011-06-18 04:34 -0700
  Re: Strategy to Verify Python Program is POST'ing to a web server. Eden Kirin <eden@bicikl.> - 2011-06-18 14:32 +0200
  Re: Strategy to Verify Python Program is POST'ing to a web server. Michael Hrivnak <mhrivnak@hrivnak.org> - 2011-06-18 13:05 -0400
  Re: Strategy to Verify Python Program is POST'ing to a web server. Chris Angelico <rosuav@gmail.com> - 2011-06-19 03:26 +1000
  Re: Strategy to Verify Python Program is POST'ing to a web server. Tim Roberts <timr@probo.com> - 2011-06-18 12:37 -0700
  Re: Strategy to Verify Python Program is POST'ing to a web server. Michael Hrivnak <mhrivnak@hrivnak.org> - 2011-06-18 16:40 -0400
    Re: Strategy to Verify Python Program is POST'ing to a web server. Gregory Ewing <greg.ewing@canterbury.ac.nz> - 2011-06-19 12:38 +1200
      Re: Strategy to Verify Python Program is POST'ing to a web server. Chris Angelico <rosuav@gmail.com> - 2011-06-19 10:54 +1000
  Re: Strategy to Verify Python Program is POST'ing to a web server. Paul Rubin <no.email@nospam.invalid> - 2011-06-18 14:03 -0700
  Re: Strategy to Verify Python Program is POST'ing to a web server. Terry Reedy <tjreedy@udel.edu> - 2011-06-18 17:17 -0400
  Re: Strategy to Verify Python Program is POST'ing to a web server. Chris Angelico <rosuav@gmail.com> - 2011-06-19 09:12 +1000
  Re: Strategy to Verify Python Program is POST'ing to a web server. Nobody <nobody@nowhere.com> - 2011-06-19 05:47 +0100
    Re: Strategy to Verify Python Program is POST'ing to a web server. Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2011-06-19 12:03 +0000
      Re: Strategy to Verify Python Program is POST'ing to a web server. Paul Rubin <no.email@nospam.invalid> - 2011-06-19 05:18 -0700

csiph-web