Steve Morrey <[EMAIL PROTECTED]> writes:
> Good point about the password version field.
> I hadn't previously considered that.
> In the meantime I have redlined that code and the client is going to get an
> SSL cert before they proceed. So it all works out for the best.
> Sincerely,
> Steve
>
Security is one area where you should (almost?) never roll your own.
You should also be wary of security solutions provided by other people
who rolled their own unless they've got the credentials to back them
up and the solutions have seen some serious testing and scrutiny by
experts. As this thread has shown, it's easy to miss potential
security holes, even if you're smart and you're looking for them.
--Levi
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/