Re: Expertise and Innovation - was Re: Non-Borgserve
Rich Salz wrote:

>>It's tough when Elliotte's that completely right, but it happens pretty
>>regularly. Usually when I'm on the other side, unfortunately.
>
>
> Hey, let's not get carried away.
>
> Just because digest-auth is more interoperable than we all expected,
> doesn't mean it's the right thing to do. I still strongly stand by my
> arguments against it and in favor of those old-fogey security mechanisms.

And it's still the case that both users and programmers have less control over HTTP auth; browsers still don't give you "logout" buttons that uncache the username and password you've entered, the credentials have to be submitted with every request rather than just once (widening the window of vulnerability to snooping), the server cannot enforce that sessions expire after a certain period of inactivity (and sometimes they will *need* to mandate that to meet the requirements of banking applications and so on, regardless of user browser choices and settings), and so on.

ABS
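The session-side controls that the message above contrasts with HTTP auth, as an added example that is not part of the original post: a minimal in-memory session store in which the password is submitted once, the server enforces an idle timeout, and logout invalidates the session on the server. The class and function names, the 900-second timeout and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class SessionStore:
    """Server-side sessions: password sent once, idle expiry, real logout."""

    def __init__(self, users, idle_timeout=900):
        self._users = users          # username -> (salt, password hash)
        self._idle = idle_timeout    # seconds of allowed inactivity (assumed)
        self._sessions = {}          # sha256(token) -> [username, last_seen]

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash so a leaked session table yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, password, now):
        # Unknown users get a dummy record so the hash is still computed.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)   # random, unrelated to the password
        self._sessions[self._key(token)] = [username, now]
        return token

    def authenticate(self, token, now):
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        if now - entry[1] > self._idle:     # the server decides, not the browser
            del self._sessions[key]
            return None
        entry[1] = now                      # activity resets the idle clock
        return entry[0]

    def logout(self, token):
        # Removing the record makes the token useless, whatever the client caches.
        return self._sessions.pop(self._key(token), None) is not None

if __name__ == "__main__":
    salt = secrets.token_bytes(16)          # constructed sample account
    store = SessionStore({"alice": (salt, hash_password("s3cret", salt))})
    t = store.login("alice", "s3cret", now=0)
    print(store.authenticate(t, now=600), store.authenticate(t, now=1600))
```

After login, each request carries only the random token, so an intercepted request exposes a value that expires or can be revoked rather than the password itself.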