This question is for learning purposes. Suppose I am writing a simple SQL admin console using CGI and Python. At http://something.com/admin, this admin console should allow me to modify a SQL database (i.e., create and modify tables, and create and modify records) using an ordinary form.

1. In the least secure case, anybody can access http://something.com/admin and modify the database.
2. You can password protect http://something.com/admin. But once you start using the admin console, information is still transmitted in plain text.
3. So then you use HTTPS to secure the transmitted data.

Questions:

1. To describe to a learner, how would you incrementally add security to the least secure environment in order to make it most secure? How would you modify/augment my three (possibly erroneous) steps above?
2. What basic tools in Python make your steps possible?
3. Optional: Now that I understand the process, how do sophisticated libraries and frameworks inherently achieve this level of security?