Security is very important as the user will be buying something and I have
to distinguish if the user is a casual browser[rules out smart cards] or a
regular shopper. Casual browsers need to be told how wonderful our content
is and asked 1)do they want to sign up or 2) Do they want to make an
immediate credit card payment[rules out smart cards again]. Where as regular
shoppers(subscribers) can just login.
Ian
----- Original Message -----
From: "John Saylor" <[EMAIL PROTECTED]>
To: "Ian Frawley" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 8:48 AM
Subject: Re: Remembering Authentication
> Hi
>
> ----- Original Message -----
> From: "Ian Frawley" <[EMAIL PROTECTED]>
>
>
> > Is it not just possible through a perl module as I am not very clued
> up on
> > digital certificates.
>
> Well, you have to have some credentials- and if it's not a cookie [bad
> idea anyway], and if it's not a username/password- what would it be?
>
> You could have IP address based authentication, but this is probably
> more prone to misconfiguration and forgery than digital certificates.
>
> How important is access control to your application? In other words,
> where is the line on how much effort you [and your users] are going to
> put into security at the expense of convenience?
>
> \js
