On a serious note, I'd like full https/ssl access, but if that's
not possible, is there a chance the authentication part could
be protected in such a fashion? Eventually, perhaps?
This seems pretty reasonable, although I think it may be better to
just ssl-encrypt the whole thing. (cookie stealing, etc.)
It's more an implementation issue than anything idealogical.
It's too bad most users freak out about HTTP-auth, as that does not
transfer the password in the clear (unlike a normal form.)
Joshua
_______________________________________________
discuss mailing list
discuss@del.icio.us
http://lists.del.icio.us/cgi-bin/mailman/listinfo/discuss