Simon Smith simon at snosoft.com wrote:

> My first thought was on how to harden the
> authentication because the basic auth didn't cut it for me. That's what I
> am looking for ideas for.
Here are some things to start with: Client certificates. Kerberos. Two-factor authentication.

Unfortunately with web applications you not only need to worry about the initial authentication, but how the session is maintained. If the session is maintained using cookies, all the strong authentication in the world won't save you from having that session hijacked.

- Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
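Brian's point is that the cookie, not the login, is what gets hijacked. The example below is added here and is not code from either poster; it shows one way to make a cookie-based session worth as much as the strong authentication in front of it: an opaque random ID issued only after authentication, server-side state, idle and absolute timeouts, Secure/HttpOnly/SameSite flags on the cookie, and the session bound to the fingerprint of the TLS client certificate it was opened with, so a copied cookie replayed from another TLS client is refused and the session revoked. It assumes the TLS endpoint hands the application the peer certificate fingerprint (for example from the ssl socket or a trusted reverse-proxy header); all names, timeouts and fingerprints are hypothetical.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Session lifetime policy (assumed values; tune for the application).
IDLE_TIMEOUT = 15 * 60       # seconds without a request before the session is dropped
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on a session's life, however active it is
COOKIE_NAME = "sid"


@dataclass
class Session:
    user: str
    cert_fingerprint: str  # fingerprint of the client cert the session was opened with
    created: float
    last_seen: float


class SessionStore:
    """Server-side session table: the cookie carries only an opaque random ID."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, cert_fingerprint: str) -> str:
        """Call only after the strong authentication step (client cert, Kerberos,
        two-factor) has succeeded; never reuse an ID issued before authentication."""
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, not guessable
        now = self._clock()
        self._sessions[sid] = Session(user, cert_fingerprint, now, now)
        return sid

    def validate(self, sid: Optional[str], cert_fingerprint: str) -> Optional[str]:
        """Return the user for a live session, or None. A cookie presented over a
        TLS connection authenticated with a different client cert is treated as
        stolen: the session is revoked, not merely refused."""
        if sid is None or sid not in self._sessions:
            return None
        sess = self._sessions[sid]
        now = self._clock()
        if now - sess.last_seen > IDLE_TIMEOUT or now - sess.created > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]
            return None
        if not hmac.compare_digest(sess.cert_fingerprint, cert_fingerprint):
            del self._sessions[sid]  # replayed cookie: log the real user out too
            return None
        sess.last_seen = now
        return sess.user

    def active_count(self) -> int:
        return len(self._sessions)


def session_cookie(sid: str) -> str:
    """Set-Cookie value: Secure (never sent in clear), HttpOnly (not readable from
    script), SameSite=Strict (not attached to cross-site requests)."""
    return f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


def parse_cookie_header(header: str) -> Optional[str]:
    """Pull the session ID out of a raw Cookie: request header."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return value or None
    return None


class FakeClock:
    """Controllable clock so the timeout logic runs deterministically."""
    def __init__(self, start: float = 1_000_000.0) -> None:
        self.now = start
    def __call__(self) -> float:
        return self.now
    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> dict:
    """Login, normal use, a replayed cookie from another TLS client, idle expiry.
    The fingerprints are constructed sample values, not real certificates."""
    clock = FakeClock()
    store = SessionStore(clock)
    alice_fp = "sha256:" + "a1" * 32    # constructed: Alice's client-cert fingerprint
    mallory_fp = "sha256:" + "b2" * 32  # constructed: the attacker's own client cert

    sid = store.login("alice", alice_fp)
    header = session_cookie(sid)
    results = {"cookie_flags_ok": all(f in header for f in ("Secure", "HttpOnly", "SameSite=Strict"))}
    # Alice's browser returns the cookie over her own client-cert TLS session.
    results["alice_ok"] = store.validate(parse_cookie_header(f"theme=dark; {COOKIE_NAME}={sid}"), alice_fp)
    # Mallory captured the cookie value but can only present her own client cert.
    results["mallory_rejected"] = store.validate(sid, mallory_fp)
    # The replay revoked the session, so the stolen cookie is dead for Alice as well.
    results["alice_after_replay"] = store.validate(sid, alice_fp)
    # Fresh login, then idle longer than policy allows.
    sid2 = store.login("alice", alice_fp)
    clock.advance(IDLE_TIMEOUT + 1)
    results["idle_expired"] = store.validate(sid2, alice_fp)
    results["sessions_left"] = store.active_count()
    return results


if __name__ == "__main__":
    print(demo())
```

Binding to the client-cert fingerprint is what ties the session back to the strong authentication; without client certificates the same structure still applies, but the only replay defences left are the cookie flags, short timeouts, and TLS everywhere, which is exactly the weakness Brian is pointing at.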
