On Wed, Feb 16, 2005 at 11:07:11AM +1100, Taryn East wrote: > * Gavin Carr <[EMAIL PROTECTED]> spake thus: > > Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/ > > this sounds really like a good option but... > > > https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar > > this looks like exactly the sort of thing that I can't do anymore - which > is prompting me to make these changes...
I don't think so. I think what you are talking about is passing basic authentication parameters in the url, which you have to do every request, often in the clear, and is prone to leakage via referrals. These are just CGI parameters, over SSL, done once. There's no leakage because all you're getting back is a text file. You could equally well use a POST here if doing a GET makes you nervous. Cheers, Gavin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
