Kees Jongenburger wrote: > > So, that field is like an alternative password, and about as good, > > because if you have it, you only need to offer it as a cookie.... > It's as good as it gets. without a chanenge/response system. > isn't that possible with a different authentication sheme then basic? > > >I think you don't use one of the existing mmbase security implementation > > then? > was that a question to me? and what problem does that solve?
Perhaps, or to Simon. I'm just interested, because I recentely had to 'solve' the same problem. I concluded that is simply is not possible to do it absolutely rightly, and you always end up with something which is in essence a password in a cookie.. Michiel -- Michiel Meeuwissen mihxil' Peperbus 111 MediaPark H'sum [] () +31 (0)35 6772979 nl_NL eo_XX en_US _______________________________________________ Developers mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/developers
