|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Re: Cookies at XML Europe 2004 -- Call for Participation
> > Good security requires state.
>
> I don't understand this. _Efficient_ security may require state, but
> using a distinct and unpredictable session key for every stateless
> transaction is surely entirely secure.
First, good security is efficient security. Second, in order to securely
exchange session keys, you have to use the "login key" of the parties.
This means the login key (e.g., private key, or passphrase-to-3DESkey)
has to be available for every transaction. This means its exposed more.
This means it's less secure.
It would be as if the Unix shell required you to enter you password each
time you entered a command line.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart








