<ma*********@googlemail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
Is there a good reason I shouldn't store hashed password in MySQL and
call them from Python scripts instead of using the apache auth module
directly?
That's what I do when writing web apps. One good reason to do this is that
your web app probably needs to offer users the ability to log out. Any
solution using mod_auth_* (regardless of whether the passwords are stored in
MySQL, htpasswd file, LDAP, etc.) has the problem that it uses HTTP
authentication. Most browsers offer no way to log out when using HTTP
authentication, without closing the browser.
Rolling your own login/logout system, or using one provided for you by a web
application framework, offers more flexibility, and enables you to do things
that basic HTTP authentication can't do.
In MySQL, I recommend using the MD5 function to store hashes of passwords.
Don't use the PASSWORD function; this is intended only for use by the MySQL
account system.
Regards,
Bill K.