Paul Hoffman wrote: >[snip] > We don't have to be rude and say that they "aren't any good", but we > should say that there is no single standard and that none of the > standards are obviously compelling. > This would be ideal. There are some statements we can make.. such as "you should use tls with basic" and "you should be able to support some kind of rfc2617 defined or derived authentication mechanism" but that's about it. If folks want to go the cookie route, more power to 'em. There really isn't any need or us to go into any specific detail on this. It is just HTTP after all. - James
- Re: PaceFixSecurityConsideratio... Paul Hoffman
- Re: PaceFixSecurityConsideratio... James M Snell
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsideratio... James Holderness
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsideratio... David Powell
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsideratio... James Holderness
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsideratio... Paul Hoffman
- Re: PaceFixSecurityConsideratio... James M Snell
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsideratio... Robert Sayre
- Re: PaceFixSecurityConsiderations Thomas Broyer
- Re: PaceFixSecurityConsiderations Julian Reschke
- Re: PaceFixSecurityConsiderations John Panzer
- Re: PaceFixSecurityConsiderations James M Snell
- Re: PaceFixSecurityConsiderations Kyle Marvin
