Chris Withers schrieb:
...
what way? http basic auth is a standard. cookie auth isn't, and it's always insecure no matter how you implement it


they are both equally insecure - while you can make the cookie
(as session auth) a little more secure - but after all its worth
nothing as long as you dont transfer the credentials initially
encrypted :-)

++Tino

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to