Re: Re: Cookies at XML Europe 2004 -- Call for Participation

Rich Salz scripsit:

> HTTP auth requires SSL for all connections or else passwords can be
> stolen -- do you include that in your "setup in 5 minutes" overhead?
> With cookies, you only need SSL on the login page if you make the cookie
> be an opaque ID into server state that has a time-out. In general,
> login cookies are more secure with less overhead.

What is to prevent replay attacks in the cookie scenario you describe?
A timeout only prevents *delayed* replay attacks.

--
They do not preach                              John Cowan
  that their God will rouse them                jcowan@r...
  A little before the nuts work loose.          http://www.ccil.org/~cowan
They do not teach                               http://www.reutershealth.com
  that His Pity allows them                     --Rudyard Kipling,
  to drop their job when they damn-well choose.   "The Sons of Martha"
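
The scheme discussed in this message, as an added example that is not part of the original post: a minimal server-side store for opaque session IDs with an idle time-out, showing that a captured ID is accepted until the time-out lapses and that the `Secure` cookie attribute is what keeps the ID off unencrypted requests. The class and function names, the 900-second time-out and the `sid` cookie name are assumptions made for illustration.

```python
import secrets

IDLE_TIMEOUT = 900  # seconds; constructed value, not from the thread


class SessionStore:
    """Server-side state keyed by an opaque, random session ID."""

    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self._sessions = {}  # sid -> (user, last_seen)

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, now)
        return sid

    def validate(self, sid, now):
        # The server sees only the cookie value, so it cannot tell the
        # legitimate browser from anyone else presenting the same ID.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > self.timeout:
            del self._sessions[sid]  # expired: only delayed replay is stopped
            return None
        self._sessions[sid] = (user, now)  # sliding window: replay renews it too
        return user


def set_cookie_header(sid, secure):
    """Build the Set-Cookie value; Secure keeps it off plain-HTTP requests."""
    attrs = [f"sid={sid}", "Path=/", "HttpOnly"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def demo():
    store = SessionStore()
    sid = store.login("alice", now=0)
    observed = sid  # same value, as seen by a second party on an unencrypted hop
    return {
        "within_timeout": store.validate(observed, now=60),
        "after_timeout": store.validate(observed, now=60 + IDLE_TIMEOUT + 1),
        "weak": set_cookie_header(sid, secure=False),
        "hardened": set_cookie_header(sid, secure=True),
    }
```

With `Secure` set, the browser sends the cookie only over TLS, which means every authenticated page has to be served over TLS, not just the login page.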