Perhaps the idea of "automatically" redirecting people to alternative pages goes a bit too far:
> 1. TrustBar will automatically download from our own server, > periodically, a list of all of the unprotected login sites, including > any alternate protected login pages we are aware of. By default, > whenever a user accesses one of these unprotected pages, she will be > automatically redirected to the alternate, protected login page. How convenient! So if I could hack your server, I could get all TrustBar users' accesses -- to any predefined set of pages on the Internet -- to be redirected to scam pages. A redirect to an "untrustworthy" page is just as easy as a redirect to a "trustworthy" page. The question is who you trust. > BTW, TrustBar is an open-source project, so if some of you want to > provide it to your customers, possibly customized (branded) etc., there > is no licensing required. Also providing a handy platform for slightly modified versions, that will take their cues from a less "trustworthy" list of redirects. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]