Hi Richard,

Richard Hauswald wrote:
> According to the docs, the same passphrase is used to encrypt/decrypt
> values. So a user A will share the same key with user B (with different
> http sessions). If user A gets an encrypted value (e.g. by sniffing) from
> user B, e.g. a database id, he can send it to stripes and stripes will
> decrypt it. This is IMHO a security problem.
>

The session id can be sniffed, too. Changing the encryption key for every new session won't solve the problem. Using a secure network connection will be necessary.

Regards,
Marcus

_______________________________________________
Stripes-users mailing list
https://lists.sourceforge.net/lists/listinfo/stripes-users
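The two points made in this thread, as an added example that is not part of the original messages and is not Stripes' own code: a value sealed under one application-wide key is accepted from any user, binding it to the session id stops that, and the binding stops helping once the session id has been observed as well. The class name, key, session ids and the use of AES-GCM with the session id as associated data are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SharedKeyDemo {
    // Constructed application-wide secret (placeholder, not a Stripes default).
    static final byte[] APP_KEY = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // sessionId == null models the shared-key scheme; otherwise the session id is
    // authenticated as associated data, so the value only opens for that session.
    static Cipher cipher(int mode, byte[] iv, String sessionId) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(APP_KEY, "AES"), new GCMParameterSpec(128, iv));
        if (sessionId != null) c.updateAAD(sessionId.getBytes(StandardCharsets.UTF_8));
        return c;
    }

    static String seal(String value, String sessionId) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce per value
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, iv, sessionId)
                .doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().encodeToString(out);
    }

    // Returns the plaintext, or "rejected" when authentication fails.
    static String tryOpen(String token, String sessionId) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            byte[] iv = Arrays.copyOfRange(in, 0, 12);
            byte[] pt = cipher(Cipher.DECRYPT_MODE, iv, sessionId).doFinal(in, 12, in.length - 12);
            return new String(pt, StandardCharsets.UTF_8);
        } catch (Exception e) {
            return "rejected";
        }
    }

    public static void main(String[] args) throws Exception {
        String shared = seal("id=42", null);        // issued to user B, shared key only
        String bound = seal("id=42", "SESSION-B");  // issued to user B, bound to B's session
        System.out.println("A submits B's shared-key value: " + tryOpen(shared, null));
        System.out.println("A submits B's bound value:      " + tryOpen(bound, "SESSION-A"));
        System.out.println("A also holds B's session id:    " + tryOpen(bound, "SESSION-B"));
    }
}
```

The last case is why the reply points at the transport: anything that protects the value by reference to the session is only as strong as the confidentiality of the session id on the wire.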
