Hi, Am Donnerstag, den 14.08.2008, 10:19 -0600 schrieb Peter Saint-Andre:
> Right. If the client is dumb, that is the client's problem. :) > > Do we need to add a sentence about this to guide client developers, or > is it clear that if you use https you want to also set the secure > attribute to true? Maybe a short note? But there are cases where it could make sense like if a client knows that a CM can't do 'secure' connections and maybe doesn't care about that but wants to make sure that at least the first part of the road is secured against curious observers (like at work if you don't want your boss reading your conversation). Cheers, Steve
