My reason for using SSL was that the username/password combination
wouldn't be transmitted in plaintext... that's all. If you're passing the
creditials in plaintext to the Win2k machine though going to SSL for the
auth on PHP/Linux wouldn't really make any sense I suppose.
Justin Buist
Trident
A combonation of IP restriction and basic authentication over SSL, while not
ideal, would probably be better than most alternatives I can think of.
Josh Hoover
KnowledgeStorm, Inc.
[EMAIL PROTECTED]
Searching for a new IT solution for your company? Need to improve your
product marketing?
Visit
If you need the data to be secure, you could probably just encrypt it with
mcrypt, if you want to make sure it wasn't forged, you want to have A sign
the data, then have B check it. If I were you, I would look at GNU Privacy
Guard. You can just use some backticks and you're set. If you have
SSL would be useless. It has no facilities for authentication, which is what
we need here. Basically, SSL encrypts communications between two computers-
it doesn't care which two and is therefore vulnerable to man-in-the-middle
attacks.
On Wednesday 19 September 2001 08:22, you wrote:
4 matches
Mail list logo