|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] RE: Re: Cookies at XML Europe 2004 -- Call for Particip ati
At 11:32 PM -0500 1/5/04, Rich Salz wrote: >Then my requirement of limited exposure isn't met. Even worse, if *any* >packet is stolen, then my password is exposed. The only way to prevent >this is to use SSL for all traffic, which is not always a feasible, >or even reasonable, trade-off. > What you state is only true for the basic authentication scheme. Modern browsers and servers support digest authentication which securely transmits an encrypted password even over a plain HTTP connection. Only the password need be encrypted if the rest of the data isn't sensitive, so unnecessary cost is paid. This is described in RFC 2617 ftp://ftp.isi.edu/in-notes/rfc2617.txt -- Elliotte Rusty Harold elharo@m... Effective XML (Addison-Wesley, 2003) http://www.cafeconleche.org/books/effectivexml http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








