Technically correct...but not complete:
http://issues.apache.org/bugzilla/show_bug.cgi?id=22679
Some manual work does have to be done but you can create secure web applications with SSL.
Better things can be done with hardware routers + ssl, but thats another discussion.
-Andy
Christopher L Merrill wrote:
[EMAIL PROTECTED] wrote:
Might be, the clients I work with are a self-selecting group. I mostly work with apps concerned about security (financials, millitary,
health care, network management, etc). Since the session id in the url by its very nature is not/cannot be encrypted really what is the point of doing such a thing?
Since a session-identifier in a cookie is also not encrypted, I see no difference in the security of the two implementations.
C
_______________________________________________ Juglist mailing list [email protected] http://trijug.org/mailman/listinfo/juglist_trijug.org
