albert boulanger wrote:
> DIGEST seems good in that it is encrypted and uses the
> Challenge/Response like BASIC for every HTTP transaction -- matched well
> with the stateless nature of HTTP.
AFAIK, no browsers (maybe Mozilla, but that has the stability of a house
of cards ;-) support Digest and I'm pretty sure that Zope doesn't either.
> 1) One should encrypt the info in the cookie
> 2) How does one get around the stateless nature of HTTP in a secure way using
> cookies? In other words, unless the HTTP transaction is challenged every
> time, how do you really know that someone is not trying to slip into an
> existing session?
Hehe, welcome to one of the biggest challenges on the web...
...that, and getting your CSS to be compatible with all the major
Zope maillist - [EMAIL PROTECTED]
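An added example, not part of the original post or of Zope: the per-request challenge/response that HTTP Digest performs, as defined in RFC 2617 for qop=auth with MD5. The password is never sent; the client sends a hash over it, the server's nonce and the request, and the server rejects a reused nonce count. The `DigestVerifier` class and its in-memory tables are assumptions for illustration, and the sample values are the ones from the RFC 2617 example.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth, algorithm MD5."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")   # secret part
    ha2 = md5_hex(f"{method}:{uri}")                  # binds method and URI
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Hypothetical server side: checks every request, rejects replays."""
    def __init__(self, realm, passwords, issued_nonces):
        self.realm = realm
        self.passwords = passwords          # constructed user -> password table
        self.issued = set(issued_nonces)    # nonces this server handed out
        self.last_nc = {}                   # (nonce, user) -> highest nc seen

    def verify(self, method, f):
        password = self.passwords.get(f["username"])
        if password is None or f["nonce"] not in self.issued:
            return False
        expected = digest_response(f["username"], self.realm, password, method,
                                   f["uri"], f["nonce"], f["nc"], f["cnonce"])
        if not hmac.compare_digest(expected, f["response"]):
            return False                    # wrong password or altered request
        key = (f["nonce"], f["username"])
        nc = int(f["nc"], 16)
        if nc <= self.last_nc.get(key, 0):
            return False                    # nonce count reused: replay
        self.last_nc[key] = nc
        return True

# Sample Authorization fields (values from the RFC 2617 example).
SAMPLE = {
    "username": "Mufasa", "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

def demo():
    v = DigestVerifier("testrealm@host.com", {"Mufasa": "Circle Of Life"},
                       [SAMPLE["nonce"]])
    first = v.verify("GET", SAMPLE)                            # fresh request
    replay = v.verify("GET", SAMPLE)                           # same nc again
    moved = v.verify("GET", dict(SAMPLE, uri="/other", nc="00000002"))
    return first, replay, moved
```

A captured header replayed verbatim fails on the nonce count, and one moved to a different URI fails on the hash, because the URI is part of what is hashed.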