> On the other hand, if you know the user's credentials, why bother to > fake anything -- just log in to the system like anyone else!
Thats user security - only user training can do that. > So... In a system where eavesdropping or man-in-the-middle attacks are > not possible (ie. HTTP over SSL), HTTP Basic Authentication is secure. As secure as any other method suggested [eg: cookies] yes - but no more or less secure. -- Dan Hardiker [[EMAIL PROTECTED]] ADAM Software & Systems Engineer First Creative Ltd -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
