> This has always been a problem with the web. Not only do you not have
> physical security of the device, you can not even be sure that it is the
> device you are thinking it may be.
Isn't this kind of thing exactly what Kerberos was designed for? It's been a
while since I've muddled with Kerberos so I don't know if there's a clean
way to handle it for a web application. I know there are clients you can
install that will handle the tickets, but I don't know what it would take to
integrate them on the client side with the browser. I think there's a Java
Kerberos implementation. Perhaps a java applet that handles the tickets for
the initial login might work.
Just rambling.
-Kevin
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- Re: Errors in table Design view of Dreamwea... Les Mizzell
- Re: Errors in table Design view of Dreamwea... Les Mizzell
- Can't CFRETURN inside include! Jim Davis
- RE: Can't CFRETURN inside include! Hal Helms
- Nesting CFTRANSACTION? Jim Davis
- RE: Nesting CFTRANSACTION? Kola Oyedeji
- RE: Nesting CFTRANSACTION? Andre Mohamed
- RE: Nesting CFTRANSACTION? Jim Davis
- Re: Nesting CFTRANSACTION? Christian Cantrell
- RE: Nesting CFTRANSACTION? Jim Davis
- Re: security flaw in web services Kevin Graeme
- Re: security flaw in web services Jochem van Dieten
- Re: security flaw in web services Kevin Graeme
- Re: security flaw in web services Jochem van Dieten
- Re: security flaw in web services Bryan Stevenson
- Re: security flaw in web services John Paul Ashenfelter
- RE: security flaw in web services Dave Watts
- Re: security flaw in web services Michael Dinowitz
- Re: security flaw in web services Jochem van Dieten
- RE: security flaw in web services Stacy Young
- RE: security flaw in web services Matthew Walker