This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form
.
- In the least secure case, anybody can access http://something.com/admin and modify the database.
- You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text.
- So then you use HTTPS to secure the transmitted data.
Questions:
- To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above?
- What basic tools in Python make your steps possible?
- Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?