[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Re: Cookies at XML Europe 2004 -- Call for Participation

• To: Elliotte Rusty Harold <elharo@m...>
• Subject: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• From: Rich Salz <rsalz@d...>
• Date: Fri, 09 Jan 2004 10:26:54 -0500
• Cc: "xml-dev@l..." <xml-dev@l...>
• In-reply-to: <p06010210bc23e3a62879@[192.168.254.4]>
• References: <Pine.LNX.4.44L0.0401082053220.6682-100000@s...> <p06010210bc23e3a62879@[192.168.254.4]>
• User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

>> Make sure they always connect to the site with SSL.
> 
> No, the client can't choose that.

Sure.  The client can decide not to risk the exposure.  Sure, the server 
might not do SSL, but at least the client can say "no."  With digest, 
you can't prevent the server from offering up a plaintext challenge, you 
can only agree not to continue.  So again, it's less protection.
	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

• References:
  • Re: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: Rich Salz <rsalz@d...>
  • Re: Re: Cookies at XML Europe 2004 -- Call forParticipation
    • From: Elliotte Rusty Harold <elharo@m...>

• Prev by Date: Re: c++ validating parser for xml
• Next by Date: Re: Urgent help needed. XML Parser
• Previous by thread: Re: Re: Cookies at XML Europe 2004 -- Call forParticipation
• Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread