On Nov 25, 2006, at 5:53 PM, David Reiser wrote: > What the standard says: > > 2.5.1.1 Client Unique ID <CLIENTUID> > OFX servers can require OFX clients to include a client ID in each > signon request. This client ID should be unique to the installation > of the client software, but the method that the ID is generated is > left up to the client. The server can specify that this field is > required using the <CLIENTUIDREQ> tag in the applicable <SIGNONINFO> > section of the profile. Servers should expect that users may connect > via OFX from multiple locations and may need to associate more than > one <CLIENTUID> value with their <USERID>. > The client may make this value user discoverable, so that the user > can register the client ID with financial institutions. [I hope the > banks read this...] > Hopes dashed already. Microsoft says:
Money 2007 does not display the <CLIENTUID> in the client or in the OFX logs. It is up to a server to silently collect and register this data – much like an IP address. The wonders of security by obscurity.... The banks ought to be the ones deciding what constitutes a valid CLIENTUID, but I haven't seen them do much but follow MS and Intuit. Dave -- David Reiser [EMAIL PROTECTED] ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Aqbanking-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/aqbanking-devel
