albert boulanger wrote:
> DIGEST seems good in that it is encrypted and uses the
> Challenge/Response like BASIC for every HTTP transaction -- matched well
> with the stateless nature of HTTP.

AFAIK, no browsers (maybe Mozilla, but that has the stability of a house
of cards ;-) support Digest, and I'm pretty sure that Zope doesn't either.

>  1) One should encrypt the info in the cookie


>  2) How does one get around the stateless nature of HTTP in a secure way using
>     cookies? In other words, unless the HTTP transaction is challenged every
>     time, how do you really know that someone is not trying to slip into an
>     existing session?

Hehe, welcome to one of the biggest challenges on the web...

...that, and getting your CSS to be compatible with all the major
browsers ;-)



Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **