Re: [Web Hooks] Making HTTP POST secure in Python
76 views
Skip to first unread message
Message has been deleted
Jeff Lindsay
Nov 6, 2009, 1:00:32 PM11/6/09
to webh...@googlegroups.com
What about the request are you trying to make secure? You can do an HMAC signature. Google does this and recently PubSubHubbub added it as an option.
--
Jeff Lindsay
http://webhooks.org -- Make the web more programmable
http://shdh.org -- A party for hackers and thinkers
http://tigdb.com -- Discover indie games
http://progrium.com -- More interesting things
On Fri, Nov 6, 2009 at 9:59 AM, dhruvg <dhruv...@gmail.com> wrote:
I am thinking of implementing Webhooks using Python..
I was wondering if anyone had pointers in ways to make HTTP POST
requests more secure in Python. Besides using SSL encryption, is there
anything else I can do?
--
Jeff Lindsay
http://webhooks.org -- Make the web more programmable
http://shdh.org -- A party for hackers and thinkers
http://tigdb.com -- Discover indie games
http://progrium.com -- More interesting things
Message has been deleted
Jeff Lindsay
Nov 6, 2009, 3:07:45 PM11/6/09
to webh...@googlegroups.com
Other than SSL, you can do your own key-based encryption. But you're not being very clear about what you mean by secure. Secure as in private or secure as in untamperable?
On Fri, Nov 6, 2009 at 11:55 AM, dhruvg <dhruv...@gmail.com> wrote:
I am trying to make all the body data in the POST message secure.
On Nov 6, 1:00 pm, Jeff Lindsay <progr...@gmail.com> wrote:
> What about the request are you trying to make secure? You can do an HMAC
> signature. Google does this and recently PubSubHubbub added it as an option.
>
> On Fri, Nov 6, 2009 at 9:59 AM, dhruvg <dhruv.g...@gmail.com> wrote:
>
> > I am thinking of implementing Webhooks using Python..
>
> > I was wondering if anyone had pointers in ways to make HTTP POST
> > requests more secure in Python. Besides using SSL encryption, is there
> > anything else I can do?
>
> --
> Jeff Lindsayhttp://webhooks.org-- Make the web more programmablehttp://shdh.org-- A party for hackers and thinkershttp://tigdb.com-- Discover indie gameshttp://progrium.com-- More interesting things
Message has been deleted
Jeff Lindsay
Nov 6, 2009, 3:11:45 PM11/6/09
to webh...@googlegroups.com
Untamperable you just need an HMAC signature (with shared key). This ensures the data is what was intended from the sender, but requires the receiver to check if they want this.
On Fri, Nov 6, 2009 at 12:09 PM, Dhruv Garg <dhruv...@gmail.com> wrote:
I meant untamperable. Thanks for the advice.
--
Dhruv R. Garg
Massachusetts Institute of Technology | Class of 2012
Department of Electrical Engineering & Computer Science
400 Memorial Drive | Cambridge, MA 02139
408-540-8040 | dhr...@mit.edu | www.dhruvgarg.com
Reply all
Reply to author
Forward
0 new messages