Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Cookies at XML Europe 2004 -- Call for Particip a
 At 12:31 PM -0500 1/6/04, Rich Salz wrote: >If you use it more than once, it's not a login password, it's a >session key. Having session keys be passwords that are created by >users is ridiculously bad security practice. Digest-auth is subject >to dictionary attacks. Encrypting data in the server's public key >brings scalability issues (imagine SSL without any caching!). > >Good security requires state, and that seems to be counter to REST. For the cases where this is really an issue, then maybe it is time to look at SSL and https so you're using real session keys. Yes, it costs CPU; but CPUs are cheaper and faster every day. And not all applications or pages need this level of security. Use it where you need it. -- Elliotte Rusty Harold elharo@m... Effective XML (Addison-Wesley, 2003) http://www.cafeconleche.org/books/effectivexml http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
